freeipa/ipaserver/install/server
Antonio Torres 0bdbf11442 Add checks to prevent adding auth indicators to internal IPA services
Authentication indicators should not be enforced against internal
IPA services, since not all users of those services are able to produce
Kerberos tickets with all the auth indicator options. This includes
host, ldap, HTTP and cifs in IPA server and cifs in IPA clients.
If a client that is being promoted to replica has an auth indicator
in its host principal then the promotion is aborted.

Fixes: https://pagure.io/freeipa/issue/8206
Signed-off-by: Antonio Torres <antorres@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2021-07-05 11:07:02 +02:00
..
__init__.py Require at least 1.6Gb of available RAM to install the server 2020-09-14 09:17:33 +03:00
install.py Ensure IPA is running (ideally) before uninstalling the KRA 2021-02-04 01:29:53 +01:00
replicainstall.py Add checks to prevent adding auth indicators to internal IPA services 2021-07-05 11:07:02 +02:00
upgrade.py LDAP autobind authenticateAsDN for BIND named 2021-06-15 14:13:16 +03:00