Bug 1419602
Summary: | Kerberos flags section outdated | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Aneta Šteflová Petrová <apetrova> |
Component: | doc-Linux_Domain_Identity_Management_Guide | Assignee: | Lucie Vařáková <lmanasko> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Namita Soman <nsoman> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 7.3 | CC: | abokovoy, lmanasko, pvoborni, rhel-docs |
Target Milestone: | rc | Keywords: | Documentation, EasyFix |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2018-06-27 09:14:39 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Aneta Šteflová Petrová
2017-02-06 15:12:07 UTC
IPA has 3 Kerberos ticket flags for services: From code: ticket_flags_params = ( Bool('ipakrbrequirespreauth?', cli_name='requires_pre_auth', label=_('Requires pre-authentication'), doc=_('Pre-authentication is required for the service'), flags=['virtual_attribute', 'no_search'], ), Bool('ipakrbokasdelegate?', cli_name='ok_as_delegate', label=_('Trusted for delegation'), doc=_('Client credentials may be delegated to the service'), flags=['virtual_attribute', 'no_search'], ), Bool('ipakrboktoauthasdelegate?', cli_name='ok_to_auth_as_delegate', label=_('Trusted to authenticate as user'), doc=_('The service is allowed to authenticate on behalf of a client'), flags=['virtual_attribute', 'no_search'], ), ) _ticket_flags_map = { 'ipakrbrequirespreauth': 0x00000080, 'ipakrbokasdelegate': 0x00100000, 'ipakrboktoauthasdelegate': 0x00200000, } In CLI help it looks like: --requires-pre-auth=BOOL Pre-authentication is required for the service --ok-as-delegate=BOOL Client credentials may be delegated to the service --ok-to-auth-as-delegate=BOOL The service is allowed to authenticate on behalf of a client Documenation doesn't list ok-to-auth-as-delegate. The Web UI screenshot shows only 1 krb flag. So the screenshot should be updated. SME for description or purpose of the third flag is Alexander. Same flags can be set also for host objects. |