freeipa/daemons
Alexander Bokovoy c5f32165d6 Add Authentication Indicator Kerberos ticket policy options
For the authentication indicators 'otp', 'radius', 'pkinit', and
'hardened', allow specifying maximum ticket life and maximum renewable
age in Kerberos ticket policy.

The policy extensions are now loaded when a Kerberos principal data is
requested by the KDC and evaluated in AS_REQ KDC policy check. If one of
the authentication indicators mentioned above is present in the AS_REQ,
corresponding policy is applied to the ticket.

Related: https://pagure.io/freeipa/issue/8001

Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2019-11-21 11:13:12 -05:00
..
dnssec Replace PYTHONSHEBANG with valid shebang 2019-06-24 09:35:57 +02:00
ipa-kdb Add Authentication Indicator Kerberos ticket policy options 2019-11-21 11:13:12 -05:00
ipa-otpd Py3: Replace six.moves imports 2018-10-05 12:06:19 +02:00
ipa-sam Add local helpers to handle unixid structure 2019-10-01 10:38:00 -04:00
ipa-slapi-plugins extdom: use sss_nss_*_timeout calls 2019-09-12 10:48:13 +03:00
ipa-version.h.in Build: move version handling from Makefile to configure 2016-11-09 13:08:32 +01:00
Makefile.am Build: properly integrate ipa-version.h.in into build system 2016-11-29 15:28:24 +01:00