diff options
author | Rob Crittenden <rcritten@redhat.com> | 2012-02-15 17:06:54 +0100 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2012-02-15 17:08:33 +0100 |
commit | 2da6d6e7460b932f406b7f0632320433f9f98a85 (patch) | |
tree | b48904578e589bfc942bd1f7150a57fd61e718c6 /install/share | |
parent | 95b1848f199a8f17936faac921d7b9495f90645b (diff) | |
download | freeipa-2da6d6e7460b932f406b7f0632320433f9f98a85.tar.gz freeipa-2da6d6e7460b932f406b7f0632320433f9f98a85.tar.xz freeipa-2da6d6e7460b932f406b7f0632320433f9f98a85.zip |
Don't set delegation flag in client, we're using S4U2Proxy now
A forwardable ticket is still required but we no longer need to send
the TGT to the IPA server. A new flag, --delegate, is available if
the old behavior is required.
Set the minimum n-v-r for mod_auth_kerb and krb5-server to pick up
needed patches for S4U2Proxy to work.
https://fedorahosted.org/freeipa/ticket/1098
https://fedorahosted.org/freeipa/ticket/2246
Diffstat (limited to 'install/share')
-rw-r--r-- | install/share/bootstrap-template.ldif | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/install/share/bootstrap-template.ldif b/install/share/bootstrap-template.ldif index b58bfd7e7..e33f06571 100644 --- a/install/share/bootstrap-template.ldif +++ b/install/share/bootstrap-template.ldif @@ -174,7 +174,7 @@ objectClass: groupOfPrincipals objectClass: top cn: ipa-http-delegation memberPrincipal: HTTP/$HOST@$REALM -ipaAllowedTarget: cn=ipa-ldap-delegation-targets,cn=etc,$SUFFIX +ipaAllowedTarget: cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,$SUFFIX dn: cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,$SUFFIX changetype: add |