diff options
| author | Rob Crittenden <rcritten@redhat.com> | 2012-02-15 17:06:54 +0100 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2012-02-15 17:08:33 +0100 |
| commit | 2da6d6e7460b932f406b7f0632320433f9f98a85 (patch) | |
| tree | b48904578e589bfc942bd1f7150a57fd61e718c6 /ipalib/plugable.py | |
| parent | 95b1848f199a8f17936faac921d7b9495f90645b (diff) | |
| download | freeipa-2da6d6e7460b932f406b7f0632320433f9f98a85.tar.gz freeipa-2da6d6e7460b932f406b7f0632320433f9f98a85.tar.xz freeipa-2da6d6e7460b932f406b7f0632320433f9f98a85.zip | |
Don't set delegation flag in client, we're using S4U2Proxy now
A forwardable ticket is still required but we no longer need to send
the TGT to the IPA server. A new flag, --delegate, is available if
the old behavior is required.
Set the minimum n-v-r for mod_auth_kerb and krb5-server to pick up
needed patches for S4U2Proxy to work.
https://fedorahosted.org/freeipa/ticket/1098
https://fedorahosted.org/freeipa/ticket/2246
Diffstat (limited to 'ipalib/plugable.py')
| -rw-r--r-- | ipalib/plugable.py | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/ipalib/plugable.py b/ipalib/plugable.py index e0b6e7f96..4d0011029 100644 --- a/ipalib/plugable.py +++ b/ipalib/plugable.py @@ -530,6 +530,9 @@ class API(DictProxy): parser.add_option('-d', '--debug', action='store_true', help='Produce full debuging output', ) + parser.add_option('--delegate', action='store_true', + help='Delegate the TGT to the IPA server', + ) parser.add_option('-v', '--verbose', action='count', help='Produce more verbose output. A second -v displays the XML-RPC request', ) @@ -570,7 +573,7 @@ class API(DictProxy): pass overrides[str(key.strip())] = value.strip() for key in ('conf', 'debug', 'verbose', 'prompt_all', 'interactive', - 'fallback'): + 'fallback', 'delegate'): value = getattr(options, key, None) if value is not None: overrides[key] = value |