mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-22 23:23:30 -06:00
d551e853fc
Kerberos principal aliases lookup had a long-standing TODO item to support server referrals for host-based aliases. This commit implements server referrals for hosts belonging to trusted domains. The use-case is a part of S4U processing in a two-way trust when an IPA service requests a ticket to a host in a trusted domain (e.g. service on AD DC). In such situation, the server principal in TGS request will be a normal principal in our domain and KDC needs to respond with a server referral. This referral can be issued by a KDB driver or by the KDC itself, using 'domain_realms' section of krb5.conf. Since KDB knows all suffixes associated with the trusted domains, implement the logic there. Fixes: https://pagure.io/freeipa/issue/9164 Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-By: Julien Rische <jrische@redhat.com> |
||
---|---|---|
.. | ||
dnssec | ||
ipa-kdb | ||
ipa-otpd | ||
ipa-sam | ||
ipa-slapi-plugins | ||
ipa-version.h.in | ||
Makefile.am |