On Чцв, 07 вер 2023, Sam Morris via FreeIPA-users wrote:
On 07/09/2023 13:35, Alexander Bokovoy via FreeIPA-users wrote:
On Чцв, 07 вер 2023, Sam Morris wrote:
On Wed, Sep 06, 2023 at 02:50:32PM +0300, Alexander Bokovoy via
FreeIPA-users wrote:
It would help to see logs (krb5kdc.log) from RHEL8 servers for this
communication, both on ipa5/ipa6 and back to xoanon.
I've created a script to test this automatically.
Thank you!
I filed https://pagure.io/freeipa/issue/9448 to track this issue.
I'll be on vacation next week and Julien (krb5 maintainer) is on
vacation too, so we'll look at it after we are both back to work.
You're welcome, enjoy your vacation!
I want to close down a loop here. We ended up implementing a dynamic
Kerberos PAC ticket signature enforcement mechanism to address
cross-version interoperability issue.
https://access.redhat.com/articles/7046409 documents fixes to this
issue, thanks to Julien (krb5 maintainer). If you don't have free RHEL
developer subscription, then one can be subscribed to at
https://developers.redhat.com/about.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
--
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
