On 08/17/2016 02:42 PM, Pavel Vomacka wrote:
On 08/11/2016 07:49 PM, Petr Vobornik wrote:
On 08/11/2016 07:21 PM, Martin Basti wrote:
On 11.08.2016 18:57, Pavel Vomacka wrote:
On 08/11/2016 02:00 PM, Petr Vobornik wrote:
On 08/11/2016 10:54 AM, Alexander Bokovoy wrote:
On Thu, 11 Aug 2016, Jan Cholasta wrote:
On 4.8.2016 17:27, Jan Pazdziora wrote:
On Wed, Aug 03, 2016 at 10:29:52AM +0300, Alexander Bokovoy wrote:
Got it. One thing I would correct, though, -- don't use
kadmin.local, we
do support setting ok_as_delegate on the service principals
via IPA
CLI:
$ ipa service-mod --help |grep -A1 ok-as-delegate
--ok-as-delegate=BOOL
Client credentials may be delegated to
the
service
I've tried
ipa service-mod --ok-as-delegate=True HTTP/$(hostname)
but that does not seem to have the same effect as
modprinc +ok_to_auth_as_delegate HTTP/ipa.example.test
-- obtaining the delegated certificated fails.
That's because ok_as_delegate and ok_to_auth_as_delegate are
different
flags.
Right. The following patch adds ok_to_auth_as_delegate to the
service
principal.
I haven't added any tickets to it yet.
This might deserve also nice Web UI checkbox similar to "Trusted for
delegation". CCing Pavel.
Here is patch with new checkbox. It is without ticket in commit
message so
once we will have the ticket I will send another patch witch
updated commit
message.
https://fedorahosted.org/freeipa/newticket
;-)
It's prerequisite for https://fedorahosted.org/freeipa/ticket/5764 so we
might use that.
Thank you, patch with updated commit message attached.
Attached patch adds checkbox also to host page.
--
Pavel^3 Vomacka
From dd28fcd09582d8b2a841ecea556d051074b45f79 Mon Sep 17 00:00:00 2001
From: Pavel Vomacka <pvoma...@redhat.com>
Date: Thu, 11 Aug 2016 18:53:55 +0200
Subject: [PATCH] Add 'trusted to auth as user' checkbox
Add new checkbox to host and service details page
Prerequisite for: https://fedorahosted.org/freeipa/ticket/5764
---
install/ui/src/freeipa/host.js | 5 +++++
install/ui/src/freeipa/service.js | 5 +++++
2 files changed, 10 insertions(+)
diff --git a/install/ui/src/freeipa/host.js b/install/ui/src/freeipa/host.js
index 33d443c2bc96c385bd13abf4d85adda6e51db718..87cf264ef20b79aceed639f45d926fd7aef19edf 100644
--- a/install/ui/src/freeipa/host.js
+++ b/install/ui/src/freeipa/host.js
@@ -142,6 +142,11 @@ return {
flags: ['w_if_no_aci']
},
{
+ name: 'ipakrboktoauthasdelegate',
+ $type: 'checkbox',
+ acl_param: 'krbticketflags'
+ },
+ {
name: 'ipaassignedidview',
$type: 'link',
label: '@i18n:objects.idview.ipaassignedidview',
diff --git a/install/ui/src/freeipa/service.js b/install/ui/src/freeipa/service.js
index 35d486605ebfee41d8b3ffa5bb77bf9e72a60c01..30e336c35b8eece2e5e3ef55629d0c98f097fbf5 100644
--- a/install/ui/src/freeipa/service.js
+++ b/install/ui/src/freeipa/service.js
@@ -142,6 +142,11 @@ return {
acl_param: 'krbticketflags'
},
{
+ name: 'ipakrboktoauthasdelegate',
+ $type: 'checkbox',
+ acl_param: 'krbticketflags'
+ },
+ {
name: 'ipakrbrequirespreauth',
$type: 'checkbox',
acl_param: 'krbticketflags'
--
2.5.5
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code