[Freeipa-devel] [PATCH] service principal deletion

Rob Crittenden rcritten at redhat.com
Fri Jan 11 18:38:30 UTC 2008


Simo Sorce wrote:
> On Fri, 2008-01-11 at 11:37 -0500, Rob Crittenden wrote:
>> This adds a principal show page to the UI and a button to delete a given 
>> principal.
>>
>> Currently I just show the hostname and the service. There isn't anything 
>> else that I know of that we can show.
>>
>> At some point hopefully we can add back the download link so a keytab 
>> can be retrieved via the UI.
> 
> Should we add filters to avoid deleting users by mistake?
> It seems the code just resolves any principal into a DN, it seems to me
> it will work to delete users too. I guess we need a servicePrincipal
> Objectclass at some point ...
> 
> Simo.
> 

It is true that one could fake a POST and pass in the DN of a user and 
in all likelihood a delete would be attempted. I'm not sure how much of a 
risk this really is.

Users will never be displayed as the search filter includes 
(!(objectClass=person))

rob
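
The gap discussed in this thread, as an added example that is not part of the original messages or of FreeIPA's code: a display filter keeps users out of the listing, but only a check in the delete handler stops a posted user DN from being removed. The in-memory directory, the DNs, the `krbPrincipalName`/`krbPrincipal` attribute values and all function names are assumptions constructed for illustration.

```python
# Constructed in-memory directory; DNs and attribute values are sample data.
SERVICE_DN = ("krbprincipalname=HTTP/web.example.com@EXAMPLE.COM,"
              "cn=services,cn=accounts,dc=example,dc=com")
USER_DN = "uid=jdoe,cn=users,cn=accounts,dc=example,dc=com"


def sample_directory():
    return {
        SERVICE_DN: {"objectClass": ["krbPrincipal", "top"],
                     "krbPrincipalName": ["HTTP/web.example.com@EXAMPLE.COM"]},
        USER_DN: {"objectClass": ["person", "krbPrincipal", "top"],
                  "krbPrincipalName": ["jdoe@EXAMPLE.COM"]},
    }


def is_service_entry(entry):
    """Equivalent of (&(krbPrincipalName=*)(!(objectClass=person)))."""
    classes = {oc.lower() for oc in entry.get("objectClass", [])}
    return bool(entry.get("krbPrincipalName")) and "person" not in classes


def list_service_principals(directory):
    """What the UI search shows: users are filtered out of the listing."""
    return sorted(dn for dn, e in directory.items() if is_service_entry(e))


def delete_by_dn(directory, dn):
    """Delete handler that trusts the posted DN (the behaviour discussed)."""
    return directory.pop(dn, None) is not None


def delete_service_principal(directory, dn):
    """Delete handler that re-reads the entry and applies the same filter."""
    entry = directory.get(dn)
    if entry is None:
        raise KeyError(dn)
    if not is_service_entry(entry):
        raise PermissionError("refusing to delete non-service entry: " + dn)
    del directory[dn]
    return True
```
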