On ke, 23 loka 2019, Charles Hedrick wrote:
The kdc doesn’t supply the remote address to the policy plugin,
unless
I’m totally misreading the source code. I’m currently investigating
ways of doing it externally, whether ebpf or something else.
Ok.
The interface (krb5_kdc_req struct) still has addresses there but they
might not be filled in. The krb5_kdc_req struct is supplied to the
policy plugin.
On Oct 22, 2019, at 9:40 AM, Alexander Bokovoy
<abokovoy@redhat.com<mailto:abokovoy@redhat.com>> wrote:
I'm not really sure there will be any work on implementing something
like this but we are working on KDC policy extensions already.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland