freeipa

Clone
Source Code
GIT

#1365 [RFE] Add UI support for setting kerberos principal name aliases for services
Closed: Fixed None Opened 12 years ago by simo.

Closed: Fixed
Reopen Issue

We want to be able to use aliases so that a KDC can give back a ticket for a service using multiple names to reference the same set of credentials.

To set aliases krbCanonicalName needs to be set with the 'original' name of the host/service. And then aliases added to the multi-value krbPrincipalName attribute.

We should restrict use of aliases only to computer and service objects initially.

master:

  • de6abc7 ipapython module for Kerberos principal manipulation and parsing
  • e6fc8f8 Test suite for ipapython/kerberos.py
  • 974eb7b ipalib: introduce Principal parameter
  • c2af032 Migrate management framework plugins to use Principal parameter
  • d151748 Add ACI for admins to modify principal attributes
  • 7e803aa replace an ACI relying on presence of deprecated objectclass
  • 750a392 Allow for commands that use positional parameters to add/remove attributes
  • a28d312 Make framework consider krbcanonicalname as service primary key
  • e6ff83e Provide API for management of host, service, and user principal aliases
  • acf2234 Unify display of principal names/aliases across entities

Metadata Update from @simo:
- Issue assigned to mbabinsk
- Issue set to the milestone: Ticket Backlog
7 years ago

Login to comment on this ticket.

Metadata
None
None
None
normal
None
None
None
None
enhancement
None
None
Management framework
None
0
None
None
None
None
todo
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.