Alexander Bokovoy wrote: > On Пят, 15 ліс 2024, Magnus Sandberg via FreeIPA-users wrote: > > > > First of all, thanks for spending time answering my questions. > > > > If I understand you correct the KDC policy sees the remote address the > > client uses in the connection to the KDC, if using IP protocols. > > Wouldn't that be enough to create the policy I'm thinking of? Also > > accepting the upcoming local UNIX socket. > It is the other way around. KDC policy plugin doesn't get access to the > remote address the client actually used, only to the list of addresses > it might have presented to the KDC as a part of the request. So it > cannot decide based on where the request came from.
Thanks for explaining. Regards, // mem -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
