Alexander Bokovoy wrote:
On Fri, 15 Nov 2024, Magnus Sandberg via FreeIPA-users wrote:
First of all, thanks for spending time answering my questions.
If I understand you correctly, the KDC policy sees the remote address the client uses in the connection to the KDC, if using IP protocols. Wouldn't that be enough to create the policy I'm thinking of? Also accepting the upcoming local UNIX socket.
It is the other way around. The KDC policy plugin doesn't get access to the remote address the client actually used, only to the list of addresses it might have presented to the KDC as a part of the request. So it cannot decide based on where the request came from.
Thanks for explaining.
Regards, // mem