Loading...

Linking RHIVOS CVEs to...

Migration: Automation ...

Sync from "Extern...

XML

Word

Printable

Type: Bug
Resolution: Won't Do
Priority: Major
Fix Version/s: rhel-7-els
Affects Version/s: rhel-7.9.z
Component/s: ipa
Labels:
- commit
- sustaining

Regression:
None
Severity:
Important
Epic Link:
IDM-1254
sprint_count:
2

AssignedTeam:
rhel-idm-ipa
Sub-System Group:

ssg_idm

Story Points:
5
Blocked:
False
Ready:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
None
Sprint:
2025-Q1-Bravo-S3, 2025-Q1-Bravo-S4

Preliminary Testing:
None
Test Coverage:
None

Experience:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

https://pagure.io/freeipa/issue/9370

Cloned from: https://pagure.io/freeipa/issue/9370

FreeIPA KDB driver stores and allows to retrieve a master key used by the Kerberos realm.  This functionality is implemented with `ipadb_fetch_master_key()` and `ipadb_store_master_key_list()` but they assume there is only one key stored (to be stored). Additionally, KDB driver does not provide `fetch_master_key_list()` (none of the in-tree krb5 KDB drivers provide a sensible version either).

Storing more than one master key is needed to allow migration to a different encryption type.

is duplicated by

RHEL-49450 Pagure #8628: kadmin's change_password command with -keepold option doesn't work [rhel-7]

Closed

Assignee:: Julien Rische

Reporter:: Julien Rische

Developer:: Julien Rische

QA Contact:: IPA QE Bot

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Created:: 2024/07/17 9:25 AM

Updated:: 2025/03/06 8:38 AM

Resolved:: 2025/03/06 8:38 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates

Hide