On Tue, 2009-10-20 at 12:02 -0400, Rob Crittenden wrote:
> First pass at enforcing certificates be requested from same host
> We want to only allow a machine to request a certificate for itself, not 
> for other machines. I've added a new taksgroup which will allow this.
> The requesting IP is resolved and compared to the subject of the CSR to 
> determine if they are the same host. The same is done with the service 
> principal. Subject alt names are not queried yet.
> This does not yet grant machines actual permission to request 
> certificates yet, that is still limited to the taskgroup request_certs.
> This also fixes some minor typos I discovered.
> rob

ack.  pushed to master.

Freeipa-devel mailing list

Reply via email to