Fields changed

type: defect => enhancement

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.14 beta

Fields changed

rhbz: => todo

This would require a FreeIPA ticket. But it can be done only when we have vault capability in IPA.

FreeIPA ticket is https://fedorahosted.org/freeipa/ticket/4176

The other option is to modify gnome-keyring and do not touch SSSD at all. Gnome-keyring could use PKCS#11 for manipulating the key used for keyring encryption. As a result, the key could be stored on a real smart card or in IPA.

Given the fact that IPA is going to implement PKCS#11 interface anyway it seems that support for PKCS#11 standard in gnome-keyring is a way how to get more functionality with the same effort.

Related ticket - #2278 was requested sooner as it's a prerequisity for OTP. Moving up.

milestone: SSSD 1.14 beta => SSSD 1.13 beta

Fields changed

mark: => 1

Fields changed

milestone: SSSD 1.13 beta => SSSD 1.13 backlog

Mass-moving tickets not planned for the 1.13 release to 1.14

milestone: SSSD 1.13 backlog => SSSD 1.14 beta

There is an existing thesis topic proposal for this RFE: https://thesis-managementsystem.rhcloud.com/topic/show/219/gnome-keyring-storage-in-freeipa

keywords: => thesis

Michal, is this part of your thesis?

cc: => mzidek@redhat.com
milestone: SSSD 1.14 beta => SSSD 1.14 backlog
sensitive: => 0

Replying to [comment:12 jhrozek]:

Michal, is this part of your thesis?

No. At least not in the way it is designed currently.

This ticket talks about storing the keys to decrypt GK inside FreeIPA, but my goal is to store there the secrets themselves (the secrets that are inside GK).

I see value in storing just the keys to decrypt the GK inside FreeIPA, but it is not the goal currently. However the only think this would achieve is that the user will not have to type the password for GK after login (which is still a good feature IMO, but not the goal of my thesis).

Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1355909 (Red Hat Enterprise Linux 7)

rhbz: todo => [https://bugzilla.redhat.com/show_bug.cgi?id=1355909 1355909]

Since the 1.14 branch is transitioning into maintenance mode and new functionality is being developed in master which will become 1.15 eventually, I'm mass-moving tickets from the 1.14 backlog milestone to the "Future releases" milestone.

milestone: SSSD 1.14 backlog => SSSD Future releases (no date set yet)

Bugzilla closed as won't fix

Thank you for taking time to submit this request for SSSD. Unfortunately this issue was not given priority and the team lacks the capacity to work on it at this time.

Given that we are unable to fulfill this request I am closing the issue as wontfix.

If the issue still persist on recent SSSD you can request re-consideration of this decision by reopening this issue. Please provide additional technical details about its importance to you.

Thank you for understanding.

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3263

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.