URL:
https://github.com/SSSD/sssd/pull/5762
Author: pbrezina
Title: #5762: krb5: add support for oauth2 challenge (wip)
Action: edited
Changed field: body
Original value:
"""
## How to test
1. Install IPA server
2. On IPA server: install patched ipa:
```console
$ sudo dnf copr enable pbrezina/otp
$ sudo dnf upgrade freeipa\*
$ kinit admin
$ ipa user-add tuser --user-auth-type=idp --first Test --last User
$ sudo cp /usr/share/sssd/krb5-snippets/sssd_enable_oauth2 /etc/krb5.conf.d
$ sudo systemctl restart krb5kdc
```
Now authenticate as the `tuser`
```
# via kinit
kinit -n @IPA.VM -c armor
kinit -T armor tuser(a)IPA.VM
Authenticate with PIN 123456 at
https://visit.me and press ENTER.:
# via sssd
su tuser(a)ipa.vm
Authenticate with PIN 123456 at
https://visit.me and press ENTER.
```
The patched IPA does not make contact to any IdP, it just provides mocked values and
grants access.
"""