freeipa/doc/designs
Alexander Bokovoy c5f32165d6 Add Authentication Indicator Kerberos ticket policy options
For the authentication indicators 'otp', 'radius', 'pkinit', and
'hardened', allow specifying maximum ticket life and maximum renewable
age in Kerberos ticket policy.

The policy extensions are now loaded when Kerberos principal data is
requested by the KDC and evaluated in the AS_REQ KDC policy check. If one of
the authentication indicators mentioned above is present in the AS_REQ,
the corresponding policy is applied to the ticket.

Related: https://pagure.io/freeipa/issue/8001

Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2019-11-21 11:13:12 -05:00
adtrust Add SMB attributes for users 2019-07-01 13:21:21 +02:00
extdom-plugin-protocol.md extdom: add extdom protocol documentation 2019-09-12 10:48:13 +03:00
hidden-replicas.md Hidden replica documentation: fix typo 2019-06-13 23:13:43 +02:00
krb-ticket-policy.md Add Authentication Indicator Kerberos ticket policy options 2019-11-21 11:13:12 -05:00
membermanager.md Add group membership management 2019-11-11 09:31:14 +01:00