freeipa/doc
Alexander Bokovoy b035ac8eb9 doc: add design document for Kerberos constrained delegation
FreeIPA Kerberos implementation already supports delegation of
credentails, both unconstrained and constrained. Constrained delegation
is an extension developed by Microsoft and documented in MS-SFU
specification. MS-SFU specification also includes resource-based
constrained delegation (RBCD) which FreeIPA did not support.

Microsoft has decided to force use of RBCD for forest trust. This means
that certain use-cases will not be possible anymore.

This design document outlines approaches used by FreeIPA for constrained
delegation implementation, including RBCD.

Fixes: https://pagure.io/freeipa/issue/9354

Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2023-04-05 14:55:22 -04:00
..
_static/css docs: tune RTD to display lists with disc and left margin 2022-05-10 15:52:41 +03:00
api doc: allow notes on Param API Reference pages 2023-03-29 10:53:25 +02:00
designs doc: add design document for Kerberos constrained delegation 2023-04-05 14:55:22 -04:00
examples Have all the scripts run in python 3 by default 2018-02-15 18:43:12 +01:00
guide logging: do not reference loggers in arguments and attributes 2017-07-14 15:55:59 +02:00
workshop external-idp: change idp server name to reference name 2023-03-03 05:08:02 +01:00
conf.py doc: generate API Reference 2022-11-16 14:46:17 -05:00
constraints.txt ap: Constrain supported docutils 2022-07-26 12:36:41 -04:00
index.rst doc: generate API Reference 2022-11-16 14:46:17 -05:00
Makefile ap: Constrain supported docutils 2022-07-26 12:36:41 -04:00
requirements.txt docs: force sphinx version above 3.0 to avoid caching in RTD 2022-05-04 10:40:07 +03:00
workshop.rst workshop: add chapter 12: External IdP support 2022-05-10 15:52:41 +03:00