TIDS Access Control breaks on key change

Bug #1320993 reported by Sam Hartman
Affects: Moonshot Trust-Router
Status: Confirmed
Importance: Wishlist
Assigned to: Unassigned

Bug Description

Currently, the TIDS command line requires that we specify the GSS name of the trustrouter that will contact the TIDS.
However, when credentials change in the Moonshot management portal, the GSS name also changes.
As a result, if a trustrouter needs to be rekeyed, all TIDS need to be reconfigured.

This is clearly the wrong answer. We need to do something better.

Options include:

* Specify a wildcard match, say *@apc_realm, and have a RADIUS attribute indicate whether the TIDS should trust the connection

* Update the portal to keep credential names when rekeying the trust router

* Have the portal have user names like cred-xxx-org-yyy@apc_realm and do a wildcard match of *-org-yyy@apc_realm
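
An added example, not part of the original report and not Trust Router code: one way the wildcard options above could be checked so that a rekeyed credential still matches while the realm stays pinned. The function name `gss_name_matches`, the rule that `*` is allowed only as the first character, and the sample names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: match a GSS name against a pattern that is either an
 * exact name or "*<suffix>@<realm>". The '*' stands for a non-empty run of
 * the local part, so it can never absorb or extend the realm. */
bool gss_name_matches(const char *pattern, const char *name)
{
    if (pattern == NULL || name == NULL)
        return false;

    /* A usable name has exactly one '@' with text on both sides. */
    const char *n_at = strchr(name, '@');
    if (n_at == NULL || n_at == name || n_at[1] == '\0' ||
        strchr(n_at + 1, '@') != NULL)
        return false;

    if (pattern[0] != '*')
        return strcmp(pattern, name) == 0;    /* exact match only */

    const char *suffix = pattern + 1;         /* e.g. "-org-yyy@apc_realm" */
    const char *p_at = strchr(suffix, '@');
    /* Reject a second '*', a missing realm, or more than one '@'. */
    if (strchr(suffix, '*') != NULL || p_at == NULL || p_at[1] == '\0' ||
        strchr(p_at + 1, '@') != NULL)
        return false;

    /* The realm is compared exactly; the wildcard never applies to it. */
    if (strcmp(p_at + 1, n_at + 1) != 0)
        return false;

    size_t local_len = (size_t)(n_at - name);
    size_t suffix_len = (size_t)(p_at - suffix);
    if (local_len <= suffix_len)              /* '*' must cover >= 1 char */
        return false;
    return memcmp(n_at - suffix_len, suffix, suffix_len) == 0;
}

int main(void)
{
    /* Constructed sample names in the cred-xxx-org-yyy@apc_realm style. */
    const char *pat = "*-org-yyy@apc_realm";
    const char *names[] = { "cred-001-org-yyy@apc_realm",
                            "cred-001-org-zzz@apc_realm",
                            "cred-9-org-evil-org-yyy@apc_realm" };
    for (size_t i = 0; i < 3; i++)
        printf("%-36s %s\n", names[i], gss_name_matches(pat, names[i]) ? "match" : "no match");
    return 0;
}
```

The third sample name matches because it ends in the same `-org-yyy` string, so a suffix wildcard is only as safe as the portal's guarantee that no organization identifier can end in another organization's `-org-<id>` text.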
