summaryrefslogtreecommitdiffstats
path: root/ipalib/install/kinit.py
Commit message (Collapse)AuthorAgeFilesLines
* Use only anonymous PKINIT to fetch armor ccacheMartin Babinsky2017-04-281-17/+13
| | | | | | | | | | | | | | | Since the anonymous principal can only use PKINIT to fetch credential cache it makes no sense to try and use its kerberos key to establish FAST channel. We should also be able to use custom PKINIT anchor for the armoring. https://pagure.io/freeipa/issue/6830 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Simo Sorce <ssorce@redhat.com>
* Use Anonymous user to obtain FAST armor ccacheSimo Sorce2017-02-151-1/+29
| | | | | | | | | | | | The anonymous user allows the framework to obtain an armor ccache without relying on usable credentials, either via a keytab or a pkinit and public certificates. This will be needed once the HTTP keytab is moved away for privilege separation. https://fedorahosted.org/freeipa/ticket/5959 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ipautil: move kinit functions to ipalib.installJan Cholasta2016-11-291-0/+97
kinit_password() depends on ipaplatform. Move kinit_password() as well as kinit_keytab() to a new ipalib.install.kinit module, as they are used only from installers. https://fedorahosted.org/freeipa/ticket/6474 Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
generated by cgit (git 2.34.1) at 2025-09-03 22:22:39 +0000