Bug 1656126 - [RFE] add pkinit_cert_match feature
Summary: [RFE] add pkinit_cert_match feature
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: krb5
Version: 7.6
Hardware: All
OS: Linux
unspecified
medium
Target Milestone: rc
: ---
Assignee: Robbie Harwood
QA Contact: Filip Dvorak
URL:
Whiteboard:
: 1682963 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-12-04 18:40 UTC by Jacob Hunt
Modified: 2020-03-31 19:41 UTC (History)
4 users (show)

Fixed In Version: krb5-1.15.1-46.el7
Doc Type: Enhancement
Doc Text:
Feature: Filtering of which certificates can be used for PKINIT. Reason: Allows additional constraints to be imposed, as well as selecting which cert from a group is to be used. Result: The KDC can match PKINIT client certificates against the "pkinit_cert_match" string attribute on the client principal entry, using the same syntax as the existing "pkinit_cert_match" profile option.
Clone Of:
Environment:
Last Closed: 2020-03-31 19:41:21 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2020:1029 None None None 2020-03-31 19:41:40 UTC

Description Jacob Hunt 2018-12-04 18:40:18 UTC
Description of problem:

Request to backport the 'pkinit_cert_match' feature from upstream 1.6 version.

~~~
Major changes in 1.16 (2017-12-05)

Administrator experience

        The KDC can match PKINIT client certificates against the "pkinit_cert_match" string attribute on the client principal entry, using the same syntax as the existing "pkinit_cert_match" profile option. 
~~~

Version-Release number of selected component (if applicable):

krb-1.15.1-34

Comment 8 Robbie Harwood 2019-03-21 17:28:00 UTC
*** Bug 1682963 has been marked as a duplicate of this bug. ***

Comment 17 errata-xmlrpc 2020-03-31 19:41:21 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:1029


Note You need to log in before you can comment on or make changes to this bug.