Loading...

Linking RHIVOS CVEs to...

Migration: Automation ...

SWIFT: POC Conversion

Sync from "Extern...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Major
Fix Version/s: rhel-8.10.z
Affects Version/s: rhel-8.10.z
Component/s: ipa
Labels:
- commit
- fixed-upstream

Regression:
None
Severity:
Important
Epic Link:
IDM-1254
sprint_count:
1

AssignedTeam:
rhel-idm-uah
Sub-System Group:

ssg_idm

Story Points:
5
Blocked:
False
Ready:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
None
Sprint:
RHELs: 8.10.z

Git Pull Request:
https://github.com/freeipa/freeipa/pull/7861
Preliminary Testing:
None
Test Coverage:
None

Experience:

PX Impact Score:
SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

Cloned from: https://pagure.io/freeipa/issue/9370

FreeIPA KDB driver stores and allows to retrieve a master key used by the Kerberos realm.  This functionality is implemented with `ipadb_fetch_master_key()` and `ipadb_store_master_key_list()` but they assume there is only one key stored (to be stored). Additionally, KDB driver does not provide `fetch_master_key_list()` (none of the in-tree krb5 KDB drivers provide a sensible version either).

Storing more than one master key is needed to allow migration to a different encryption type.

blocks

RHEL-4888 Generate AES SHA-2 HMAC keys on deployed IPA instances in FIPS mode

In Progress

is duplicated by

RHEL-49441 Pagure #8628: kadmin's change_password command with -keepold option doesn't work [rhel-8]

Closed

Assignee:: Julien Rische

Reporter:: Julien Rische

Developer:: Julien Rische

QA Contact:: IPA QE Bot

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: 2024/04/05 12:07 PM

Updated:: 2025/12/03 12:50 PM

Stale Date:: 2026/06/25

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates