diff options
author | Alexander Bokovoy <abokovoy@redhat.com> | 2012-03-26 14:23:42 +0300 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2012-06-07 09:39:10 +0200 |
commit | cbb1d626b913a7ce802150aa15bda761c9768695 (patch) | |
tree | 2a4f05111ec95abce4e7a613749028eec9eae4dc /install/share | |
parent | 27517c2008d040f340fa2b9ace51fba4baea3eef (diff) | |
download | freeipa-cbb1d626b913a7ce802150aa15bda761c9768695.tar.gz freeipa-cbb1d626b913a7ce802150aa15bda761c9768695.tar.xz freeipa-cbb1d626b913a7ce802150aa15bda761c9768695.zip |
Perform case-insensitive searches for principals on TGS requests
We want to always resolve TGS requests even if the user mistakenly sends a
request for a service ticket where the fqdn part contain upper case letters.
The actual implementation follows hints set by KDC. When AP_REQ is done, KDC
sets KRB5_FLAG_ALIAS_OK and we obey it when looking for principals on TGS requests.
https://fedorahosted.org/freeipa/ticket/1577
Diffstat (limited to 'install/share')
-rw-r--r-- | install/share/61kerberos-ipav3.ldif | 3 | ||||
-rw-r--r-- | install/share/Makefile.am | 1 |
2 files changed, 4 insertions, 0 deletions
diff --git a/install/share/61kerberos-ipav3.ldif b/install/share/61kerberos-ipav3.ldif new file mode 100644 index 000000000..dcdaa5d08 --- /dev/null +++ b/install/share/61kerberos-ipav3.ldif @@ -0,0 +1,3 @@ +dn: cn=schema +attributeTypes: (2.16.840.1.113730.3.8.11.32 NAME 'ipaKrbPrincipalAlias' DESC 'IPA principal alias' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA v3') +objectClasses: (2.16.840.1.113730.3.8.12.8 NAME 'ipaKrbPrincipal' SUP krbPrincipalAux AUXILIARY MUST ( krbPrincipalName $ ipaKrbPrincipalAlias ) X-ORIGIN 'IPA v3' ) diff --git a/install/share/Makefile.am b/install/share/Makefile.am index 81fd0dc15..68c98e05a 100644 --- a/install/share/Makefile.am +++ b/install/share/Makefile.am @@ -9,6 +9,7 @@ app_DATA = \ 60basev2.ldif \ 60basev3.ldif \ 60ipadns.ldif \ + 61kerberos-ipav3.ldif \ 65ipasudo.ldif \ anonymous-vlv.ldif \ bootstrap-template.ldif \ |