Kerberos Fields Missing in Identities

Hi everyone,

We have an infrastructure with a Kerberos realm based on FreeIPA, which works smoothly, and we wanted to allow hosts to retrieve some of the credentials via vault-agent or daemons. I.e., we wanted to give Vault PKI a go as an engine that can issue certificates for specific hosts. The issue we stumbled upon was that, while it is possible to present the LDAP tree in a way consumable by Vault, the group membership as well as the principal ID are missing in the identity metadata, thus not allowing us to restrict actions per host, i.e. via policy templating or allowed_domains_template in the PKI engine.

Fortunately, there already exists a PR [0] that adds group membership to the Vault Kerberos auth plugin. However, it’s been in the PR queue for a while, and no one responds in the comments. I tried mentioning some of the most notable reviewers there, but still got no answer.

Could you please help me understand what the best way is to communicate with the maintainers to get the PR merged upstream? Am I doing something wrong?

Thank you.

[0] Add support for Identity groups by sbutler · Pull Request #51 · hashicorp/vault-plugin-auth-kerberos · GitHub