Loading...

Linking RHIVOS CVEs to...

Migration: Automation ...

Sync from "Extern...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Major
Fix Version/s: rhel-10.1
Affects Version/s: rhel-10.0.beta
Component/s: ipa
Labels:
- cee.neXT

Regression:
None
Severity:
Important
Epic Link:
IDM-1256
sprint_count:
1

AssignedTeam:
rhel-idm-uah
Sub-System Group:

ssg_idm

Dev Target Milestone:
19
Story Points:
5
ACKs Check:

Dev ack
Blocked:
False
Ready:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
No
Sprint:
RHELs: 10.1, 9.7

Preliminary Testing:
Fail
Test Coverage:
None

Release Note Type:
Unspecified Release Note Type - Unknown

Experience:

PX Impact Score:
SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

Cloned from: https://pagure.io/freeipa/issue/9370

FreeIPA KDB driver stores and allows to retrieve a master key used by the Kerberos realm.  This functionality is implemented with `ipadb_fetch_master_key()` and `ipadb_store_master_key_list()` but they assume there is only one key stored (to be stored). Additionally, KDB driver does not provide `fetch_master_key_list()` (none of the in-tree krb5 KDB drivers provide a sensible version either).

Storing more than one master key is needed to allow migration to a different encryption type.

is duplicated by

RHEL-49448 Pagure #8628: kadmin's change_password command with -keepold option doesn't work [rhel-10]

Closed

RHEL-71802 RFE: Request to have a utility or way to upgrade kerberos master key in Rhel IdM

Closed

Assignee:: Julien Rische

Reporter:: Julien Rische

Developer:: Julien Rische

QA Contact:: Anuja More

Votes:: 0 Vote for this issue

Watchers:: 8 Start watching this issue

Created:: 2024/07/17 9:03 AM

Updated:: 2025/10/01 12:58 PM

Stale Date:: 2026/07/09

Dev Target end:: 2025/07/07

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates