Alexander Bokovoy
Alexander Bokovoy
Addresses #108 with a small LRU cache replacement based on the OrderedDict.
Port Jose code to use contemporary OpenSSL API, allowing to use external engines and algorithms provided by them.
When authentication indicators were introduced in 2016, ipa-pwd-extop plugin gained ability to reject LDAP BIND when an LDAP client insists the authentication must use an OTP token. This is used...
For NIS maps only POSIX groups make sense. Limit searches to those. This should avoid pulling groups like 'ipausers' into NIS maps. It also will help with large non-POSIX groups...
Even though wildcard support is enabled by default in ACME pki issuer, it cannot be used with DNS challenge. ``` # certbot -v certonly --server https://ipa-ca.ipa.test/acme/directory --manual -d *.ipa.test --preferred-challenges...
Kerberos ticket may include additional authorization data (AD) information. With MIT Kerberos 1.21 a minimal PAC AD is included. In Active Directory or FreeIPA environments where a full PAC AD...
While ansible-freeipa allows to have multiple IPA actions in the same block, they still submitted to IPA server separately. This causes a slowdown. Instead, a batch command from IPA API...
With hardening against CVE-2020-25717, FreeIPA KDC now performs a number of checks for SIDs of user accounts. Namely: - domain SID of a user account SID must correspond to the...
RHEL 8.3+ already deprecated support for NIS protocol. RHEL 9 does not ship NIS client side RHEL 10 removes NIS server emulator support Fixes: https://pagure.io/freeipa/issue/9363