RHEL-49451

Pagure #9370: kdb: support storing and retrieving multiple master keys [rhel-7]


    • Bug
    • Resolution: Won't Do
    • Major
    • rhel-7-els
    • rhel-7.9.z
    • ipa
    • None
    • Important
    • 2
    • rhel-idm-ipa
    • ssg_idm
    • 5
    • False
    • False
    • None
    • 2025-Q1-Bravo-S3, 2025-Q1-Bravo-S4
    • None
    • None
    • None

      Cloned from: https://pagure.io/freeipa/issue/9370
      
      The FreeIPA KDB driver stores and allows retrieving the master key used by the Kerberos realm. This functionality is implemented with `ipadb_fetch_master_key()` and `ipadb_store_master_key_list()`, but they assume there is only one key stored (or to be stored). Additionally, the KDB driver does not provide `fetch_master_key_list()` (none of the in-tree krb5 KDB drivers provide a sensible version either).
      
      Storing more than one master key is needed to allow migration to a different encryption type.
      

              Julien Rische (jrische@redhat.com)
              IPA QE Bot