freeipa.git - FreeIPA patches

diff options

author	Fraser Tweedale <ftweedal@redhat.com>	2016-10-26 09:48:19 +1000
committer	Martin Babinsky <mbabinsk@redhat.com>	2016-12-06 16:13:45 +0100
commit	dfbdb5323863e6c3d681c1b33b1eb9d2efefd6c7 (patch)
tree	50c13bc8659c692da061749ec35519ede5c4a1bb /ipaserver/install/bindinstance.py
parent	0499ba5795cf483756ac980604fd2c26fda7ba39 (diff)
download	freeipa-dfbdb5323863e6c3d681c1b33b1eb9d2efefd6c7.tar.gz freeipa-dfbdb5323863e6c3d681c1b33b1eb9d2efefd6c7.tar.xz freeipa-dfbdb5323863e6c3d681c1b33b1eb9d2efefd6c7.zip

cert-request: match names against principal aliases

Currently we do not check Kerberos principal aliases when validating a CSR. Enhance cert-request to accept the following scenarios: - for hosts and services: CN and SAN dnsNames match a principal alias (realm and service name must be same as nominated principal) - for all principal types: UPN or KRB5PrincipalName othername match any principal alias. Fixes: https://fedorahosted.org/freeipa/ticket/6295 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com> Reviewed-By: Milan Kubik <mkubik@redhat.com>

Diffstat (limited to 'ipaserver/install/bindinstance.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: