RFE: enable gssapi support for PKI cli - Githubissues

dogtagpki / pki

The Dogtag Certificate System is an enterprise-class Certificate Authority (CA) which supports all aspects of certificate lifecycle management, including key archival, OCSP and smartcard management.

https://www.dogtagpki.org

GNU General Public License v2.0

368 stars 136 forks source link

RFE: enable gssapi support for PKI cli #2714

Open pki-bot opened 4 years ago

pki-bot commented 4 years ago

This issue was migrated from Pagure Issue #2594. Originally filed by mgrigull@redhat.com (@ciphernaut) on 2017-02-09 19:39:30:

Assigned to ftweedal (@frasertweedale)

At present we use password prompt for 'pki' tool interacting with service endpoint.

We would like to use either kerberos ticket or personal SSL certificates to authenticate with the endpoint instead of using OTP password (as per our current implementation) and also avoid needing a 'shared' account.

Use of cached credentials in either form would allow us to script certificate generation for the large number of systems we maintain.

pki-bot commented 4 years ago

Comment from mgrigull@redhat.com (@ciphernaut) at 2017-02-27 14:10:21

Metadata Update from @ciphernaut:

Issue set to the milestone: 0.0 NEEDS_TRIAGE

pki-bot commented 4 years ago

Comment from mharmsen (@mharmsen) at 2017-03-03 14:54:01

Fraser -- don't know if this is associated with other GSS API work or not.

pki-bot commented 4 years ago

Comment from mharmsen (@mharmsen) at 2017-03-03 14:54:05

Metadata Update from @mharmsen:

Custom field feature adjusted to ''
Custom field proposedmilestone adjusted to ''
Custom field proposedpriority adjusted to ''
Custom field reviewer adjusted to ''
Custom field version adjusted to ''
Issue assigned to frasertweedale
Issue close_status updated to: None
Issue priority set to: 2
Issue set to the milestone: 10.4 (was: 0.0 NEEDS_TRIAGE)

pki-bot commented 4 years ago

Comment from ftweedal (@frasertweedale) at 2017-03-05 19:17:11

@mharmsen it's about adding support for GSS-API authn to the cli command line program; subsequent to the server-side implementation.

pki-bot commented 4 years ago

Comment from mharmsen (@mharmsen) at 2017-04-07 11:40:21

Per email correspondence with frasertweedale on 04/07/2017: 10.5

pki-bot commented 4 years ago

Comment from mharmsen (@mharmsen) at 2017-04-07 11:40:22

Metadata Update from @mharmsen:

Issue set to the milestone: 10.5 (was: 10.4)

pki-bot commented 4 years ago

Comment from vakwetu (@vakwetu) at 2017-08-31 14:25:18

client auth with personal SSL certificates has always been available for the pki CLI. Make sure you are defined as an agent and have an agent cert uploaded.

http://pki.fedoraproject.org/wiki/Handling_Certificate_Request

Propose to rename this issue to:

RFE: enable gssapi support for PKI cli

pki-bot commented 4 years ago

Comment from mharmsen (@mharmsen) at 2017-08-31 14:29:42

Metadata Update from @mharmsen:

Issue priority set to: major (was: critical)
Issue set to the milestone: FUTURE (was: 10.5)

pki-bot commented 4 years ago

Comment from mharmsen (@mharmsen) at 2018-04-10 16:51:07

Per 10.5.x/10.6 Triage: FUTURE

RHBZ: CLOSED UPSTREAM

pki-bot commented 4 years ago

Comment from mharmsen (@mharmsen) at 2018-04-10 16:51:09

Metadata Update from @mharmsen:

Custom field rhbz reset (from https://bugzilla.redhat.com/show_bug.cgi?id=1415892)