  1. RHEL
  2. RHEL-143523

Renew IPA service keys and keytabs when key/salt types missing


    • Story
    • Resolution: Unresolved
    • Undefined
    • ipa
    • rhel-idm-uah

The testing work that was done for the freeipa#7861 pull request has shown that IPA is missing an automated mechanism to renew IPA service keys and their keytabs when support for new key/salt types is introduced. Not doing so may eventually make upgrades to new RHEL versions impossible.

This process should be automated, but there might be ways to still accept the previous versions of the service keys to not invalidate active tickets.

Julien Rische (jrische@redhat.com)
Michal Polovka