[Freeipa-devel] [PATCH] service principal deletion

Rob Crittenden rcritten at redhat.com
Fri Jan 11 19:00:33 UTC 2008


Simo Sorce wrote:
> On Fri, 2008-01-11 at 13:38 -0500, Rob Crittenden wrote:
>> Simo Sorce wrote:
>>> On Fri, 2008-01-11 at 11:37 -0500, Rob Crittenden wrote:
>>>> This adds a principal show page to the UI and a button to delete a given 
>>>> principal.
>>>>
>>>> Currently I just show the hostname and the service. There isn't anything 
>>>> else that I know of that we can show.
>>>>
>>>> At some point hopefully we can add back the download link so a keytab 
>>>> can be retrieved via the UI.
>>> Should we add filters to avoid deleting users by mistake?
>>> It seems the code just resolves any principal into a DN, it seems to me
>>> it will work to delete users too. I guess we need a servicePrincipal
>>> Objectclass at some point ...
>>>
>>> Simo.
>>>
>> It is true that one could fake a POST and pass in the DN of a user and 
>> in all likelihood a delete would be attempted. I'm not sure how much of a 
>> risk this really is.
> 
> It's not a security risk, so as long as find_service_principal()
> actually filters out anything not a service I guess this is all ok,
> please push.
> 
> Simo.

Ok, pushed.

rob
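
Added example (not part of the original thread and not FreeIPA's code): a server-side guard of the kind discussed above, which refuses a delete unless the target entry is a service, whatever DN the POST carries. The principal-name pattern, the user object-class list, the in-memory directory and all function names are assumptions for illustration.

```python
import re

# Assumption: a service principal looks like service/host@REALM, while a
# user principal has no "/" instance component.
SERVICE_RE = re.compile(r"[A-Za-z0-9_-]+/[A-Za-z0-9.-]+@[A-Za-z0-9.-]+")

# Assumption: object classes that mark an entry as a user account.
USER_OBJECTCLASSES = {"person", "posixaccount", "inetorgperson"}

# Constructed sample DNs, illustrative only.
SERVICE_DN = "krbprincipalname=HTTP/web.example.com@EXAMPLE.COM,cn=services,dc=example,dc=com"
USER_DN = "uid=alice,cn=users,dc=example,dc=com"


class NotAServicePrincipal(Exception):
    """Raised when a delete request targets something other than a service."""


def sample_directory():
    """Return a constructed directory: a dict mapping DN to entry attributes."""
    return {
        SERVICE_DN: {"objectClass": ["krbPrincipal", "top"],
                     "krbPrincipalName": ["HTTP/web.example.com@EXAMPLE.COM"]},
        USER_DN: {"objectClass": ["person", "posixAccount", "krbPrincipal"],
                  "krbPrincipalName": ["alice@EXAMPLE.COM"]},
    }


def is_service_entry(entry):
    """True only if the entry carries service principals and no user class."""
    classes = {c.lower() for c in entry.get("objectClass", [])}
    if classes & USER_OBJECTCLASSES:
        return False
    names = entry.get("krbPrincipalName", [])
    return bool(names) and all(SERVICE_RE.fullmatch(n) for n in names)


def delete_service_principal(directory, dn):
    """Delete dn only after checking the stored entry, never the request alone."""
    entry = directory.get(dn)
    if entry is None:
        raise KeyError(dn)
    if not is_service_entry(entry):
        raise NotAServicePrincipal(dn)
    del directory[dn]
```

The check runs against the stored entry rather than the submitted form fields, so a forged POST carrying a user's DN is rejected before any delete is attempted.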
