Bug 1656126 - [RFE] add pkinit_cert_match feature
Summary: [RFE] add pkinit_cert_match feature
Keywords:
Status: VERIFIED
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: krb5
Version: 7.6
Hardware: All
OS: Linux
unspecified
medium
Target Milestone: rc
: ---
Assignee: Robbie Harwood
QA Contact: Filip Dvorak
URL:
Whiteboard:
: 1682963 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-12-04 18:40 UTC by Jacob Hunt
Modified: 2019-11-19 12:50 UTC (History)
4 users (show)

Fixed In Version: krb5-1.15.1-46.el7
Doc Type: Enhancement
Doc Text:
Feature: Filtering of which certificates can be used for PKINIT. Reason: Allows additional constraints to be imposed, as well as selecting which cert from a group is to be used. Result: The KDC can match PKINIT client certificates against the "pkinit_cert_match" string attribute on the client principal entry, using the same syntax as the existing "pkinit_cert_match" profile option.
Clone Of:
Environment:
Last Closed:
Target Upstream Version:


Attachments (Terms of Use)

Description Jacob Hunt 2018-12-04 18:40:18 UTC
Description of problem:

Request to backport the 'pkinit_cert_match' feature from upstream 1.6 version.

~~~
Major changes in 1.16 (2017-12-05)

Administrator experience

        The KDC can match PKINIT client certificates against the "pkinit_cert_match" string attribute on the client principal entry, using the same syntax as the existing "pkinit_cert_match" profile option. 
~~~

Version-Release number of selected component (if applicable):

krb-1.15.1-34

Comment 8 Robbie Harwood 2019-03-21 17:28:00 UTC
*** Bug 1682963 has been marked as a duplicate of this bug. ***


Note You need to log in before you can comment on or make changes to this bug.