On 17.8.2016 16:36, Stanislav Laznicka wrote:
On 08/17/2016 03:50 PM, Pavel Vomacka wrote:

On 08/17/2016 02:42 PM, Pavel Vomacka wrote:

On 08/11/2016 07:49 PM, Petr Vobornik wrote:
On 08/11/2016 07:21 PM, Martin Basti wrote:

On 11.08.2016 18:57, Pavel Vomacka wrote:

On 08/11/2016 02:00 PM, Petr Vobornik wrote:
On 08/11/2016 10:54 AM, Alexander Bokovoy wrote:
On Thu, 11 Aug 2016, Jan Cholasta wrote:
On 4.8.2016 17:27, Jan Pazdziora wrote:
On Wed, Aug 03, 2016 at 10:29:52AM +0300, Alexander Bokovoy
Got it. One thing I would correct, though, -- don't use
kadmin.local, we
do support setting ok_as_delegate on the service principals
via IPA
$ ipa service-mod --help |grep -A1 ok-as-delegate
                        Client credentials may be delegated
to the
I've tried

      ipa service-mod --ok-as-delegate=True HTTP/$(hostname)

but that does not seem to have the same effect as

      modprinc +ok_to_auth_as_delegate HTTP/ipa.example.test

-- obtaining the delegated certificated fails.
That's because ok_as_delegate and ok_to_auth_as_delegate are
Right. The following patch adds ok_to_auth_as_delegate to the

I haven't added any tickets to it yet.

This might deserve also nice Web UI checkbox similar to "Trusted for
delegation". CCing Pavel.

Here is patch with new checkbox. It is without ticket in commit
message so
once we will have the ticket I will send another patch witch
updated commit

It's prerequisite for https://fedorahosted.org/freeipa/ticket/5764
so we
might use that.
Thank you, patch with updated commit message attached.

Attached patch adds checkbox also to host page.

Thank you, works as expected. ACK.

Pushed to master: c36d721a01106e24186bd6b2f0fc74d7af31d5ba

Jan Cholasta

Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to