RHEL-31907

Pagure #9370: kdb: support storing and retrieving multiple master keys [rhel-9]


    • Bug
    • Resolution: Unresolved
    • Major
    • rhel-9.7
    • rhel-9.5
    • ipa
    • None
    • ipa-4.12.2-19.el9
    • None
    • Important
    • 1
    • rhel-idm-uah
    • ssg_idm
    • 19
    • 21
    • 5
    • QE ack, Dev ack
    • False
    • False
    • Yes
    • RHELs: 10.1, 9.7
    • Fail
    • None
    • Release Note Not Required
    • Proposed
    • None

      Cloned from: https://pagure.io/freeipa/issue/9370
      
      The FreeIPA KDB driver stores a master key used by the Kerberos realm and allows it to be retrieved. This functionality is implemented with `ipadb_fetch_master_key()` and `ipadb_store_master_key_list()`, but they assume there is only one key stored (or to be stored). Additionally, the KDB driver does not provide `fetch_master_key_list()` (none of the in-tree krb5 KDB drivers provide a sensible version either).
      
      Storing more than one master key is needed to allow migration to a different encryption type.
      

              Julien Rische (jrische@redhat.com)
              Anuja More
              Michal Stubna