mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-22 23:23:30 -06:00
b035ac8eb9
FreeIPA Kerberos implementation already supports delegation of credentails, both unconstrained and constrained. Constrained delegation is an extension developed by Microsoft and documented in MS-SFU specification. MS-SFU specification also includes resource-based constrained delegation (RBCD) which FreeIPA did not support. Microsoft has decided to force use of RBCD for forest trust. This means that certain use-cases will not be possible anymore. This design document outlines approaches used by FreeIPA for constrained delegation implementation, including RBCD. Fixes: https://pagure.io/freeipa/issue/9354 Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com> |
||
---|---|---|
.. | ||
_static/css | ||
api | ||
designs | ||
examples | ||
guide | ||
workshop | ||
conf.py | ||
constraints.txt | ||
index.rst | ||
Makefile | ||
requirements.txt | ||
workshop.rst |