Alexander Bokovoy 7ac6adfaac kdb: implement RBCD handling in KDB driver ... Resource-based constrained delegation (RBCD) is implemented with a new callback used by the KDC. This callback is called when a server asks for S4U2Proxy TGS request and passes a ticket that contains RBCD PAC options. The callback is supposed to take a client and a server principals, a PAC and a target service database entry. Using the target service database entry it then needs to decide whether a server principal is allowed to delegate the client credentials to the target service. The callback can also cross-check whether the client principal can be limited in delegating own tickets but this is not implemented in the current version. Fixes: https://pagure.io/freeipa/issue/9354 Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com>		2023-04-06 08:53:32 +02:00
..
dnssec	pylint: remove useless suppression	2023-01-10 10:11:45 +01:00
ipa-kdb	kdb: implement RBCD handling in KDB driver	2023-04-06 08:53:32 +02:00
ipa-otpd	Fixes: ipa-otpd@.service: deprecated syslog setting	2022-12-19 11:53:10 +01:00
ipa-sam	ipa-sam: retrieve trusted domain account credential from the TDO itself	2022-04-13 18:37:12 +02:00
ipa-slapi-plugins	extdom: avoid sss_nss_getorigby*() calls when get*_r_wrapper() returns object from a wrong domain (performance optimization)	2022-10-06 10:13:45 +02:00
ipa-version.h.in	Build: move version handling from Makefile to configure	2016-11-09 13:08:32 +01:00
Makefile.am	build: Unify compiler warning flags used	2021-01-15 14:11:56 +01:00