mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
We created a Kerberos kdcpolicy plugin to enforce user pre-authentication policy for newly added pkinit and hardened policy. In the past version of freeIPA, password enforcement exists but was done by removing key data for a principal while parsing LDAP entry for it. This hack is also removed and is now also enforced by kdcpolicy plugin instead. Resolves: https://pagure.io/freeipa/issue/8001 Signed-off-by: Changmin Teng <cteng@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-By: Simo Sorce <ssorce@redhat.com> Reviewed-By: Robbie Harwood <rharwood@redhat.com> |
||
---|---|---|
.. | ||
tests | ||
ipa_kdb_audit_as.c | ||
ipa_kdb_certauth.c | ||
ipa_kdb_common.c | ||
ipa_kdb_delegation.c | ||
ipa_kdb_kdcpolicy.c | ||
ipa_kdb_mkey.c | ||
ipa_kdb_mspac_private.h | ||
ipa_kdb_mspac.c | ||
ipa_kdb_passwords.c | ||
ipa_kdb_principals.c | ||
ipa_kdb_pwdpolicy.c | ||
ipa_kdb.c | ||
ipa_kdb.exports | ||
ipa_kdb.h | ||
Makefile.am | ||
README | ||
README.s4u2proxy.txt |
This is the ipa krb5kdc database backend.