With root privileges, it is possible to dump the admin Kerberos ticket and write it to an environment variable, after which it is possible to get the privileges of the domain administrator whose ticket was dumped.
Created freeipa tracking bugs for this issue: Affects: fedora-all [bug 2263012]
Is there some additional information on this issue? Is there an upstream issue to track it and/or an upstream fix?
From FreeIPA team: we do object to classifying this as a security issue. If you are root on IdM server, you have game done. You are not required to get 'admin credentials'. This is why we asked to not have a CVE assigned to this "issue".