This bug is created as a clone of upstream ticket:
When used within the FreeIPA project dogtag should allow authenticating using GSSAPI. Users can be mapped to the FreeIPA directory suffix in this case.
Using GSSAPI would allow the IPA framework to foully delegate to dogtag's ACLs some operations requested by users.
Per CS Bug/Ticket Triage held 04/19/2016: RHEL 7.4
Confirmed with Fraser.
RHCS 9.2 PRD item 1.3 is medium priority.
Changes have been pushed to master; moving bug to POST for inclusion in RHEL 7.4 (beta).
This ticket is closely related to
This is not a feature we are actively using in IPA or elsewhere
at the moment, but we wanted to land the changes as early as possible.
IPA will make use of them in a future release.
Therefore, it is quite involved to test. I recommend moving
on to other bugs, while I work on a blog post explaining
these features and provides examples that can be used to
verify the new functionality.
I'd also recommend the same QE contact verify both bugs.
This feature is not tested. RHCS subsystems installation and functional tests looks good.
Marking it verified sanity only.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.