freeipa/daemons
Alexander Bokovoy a9018da90d ipa-kdb: handle cross-realm TGT entries when generating PAC
For generating PAC we need to know SID of the object and a number of
required attributes. However, trusted domain objects do not have these
attributes. Luckily, IPA LDAP schema puts them under actual trust
objects which have all the additional (POSIX) attributes.

Refactor PAC generator to accept secondary LDAP entry and use that one
to pull up required attributes. We only use this for trusted domain
objects.

Fixes: https://pagure.io/freeipa/issue/9083
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Julien Rische <jrische@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2022-11-02 11:03:04 +02:00
..
dnssec dnssec daemons: read the dns context config file for debug state 2022-06-02 11:17:57 +02:00
ipa-kdb ipa-kdb: handle cross-realm TGT entries when generating PAC 2022-11-02 11:03:04 +02:00
ipa-otpd ipa-otpd: initialize local pointers and handle gcc 10 2022-08-29 17:34:20 +02:00
ipa-sam ipa-sam: retrieve trusted domain account credential from the TDO itself 2022-04-13 18:37:12 +02:00
ipa-slapi-plugins extdom: avoid sss_nss_getorigby*() calls when get*_r_wrapper() returns object from a wrong domain (performance optimization) 2022-10-04 14:01:56 +02:00
ipa-version.h.in Build: move version handling from Makefile to configure 2016-11-09 13:08:32 +01:00
Makefile.am build: Unify compiler warning flags used 2021-01-15 14:11:56 +01:00