[Freeipa-devel] [PATCH] s4u2proxy support

Dmitri Pal dpal at redhat.com
Tue Dec 13 00:17:52 UTC 2011


On 12/12/2011 07:15 PM, Simo Sorce wrote:
> On Mon, 2011-12-12 at 15:22 -0500, Rob Crittenden wrote:
>> This patch adds support for s4u2proxy. This means that the Apache
>> server 
>> will obtain the ldap service ticket on behalf of the user rather than 
>> the using having to send their TGT. The user's ticket still needs to
>> be 
>> forwardable, we just don't require it to be forwarded any more.
>
> Should we make the patch allow the old behavior by using a switch that
> revert to forwarding the TGT ?
>
> It would be useful during upgrades if some of your servers still need
> forwarded TGTs, or if you want to use a newer client against an old
> server while you have the newer stuff under test.
> (And to test in general).
>
> Simo.
+1

-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/






More information about the Freeipa-devel mailing list