[Freeipa-devel] [PATCH] Add Kerberos Ticket Policy management plugin.

[Rob Crittenden]

Pavel Zuna wrote:
> Rob Crittenden wrote:
>> Pavel Zuna wrote:
>>> Alright, here's my first shot at the Kerberos Ticket Policy 
>>> management plugin.
>>>
>>> It is also a "new type" of plugin. What I mean by that is that it 
>>> takes an optional primary key (username) as its first argument. If 
>>> used, policy for a specific user is being managed. If not, the global 
>>> policy is being managed.  If there's no value defined for a specific 
>>> user, the global value is displayed instead. This pattern could also 
>>> be applied to the pwpolicy plugin.
>>>
>>> The pwpolicy plugin currently doesn't even use the baseldap classes 
>>> and is a bit buggy*. So, if nobody minds, I'd like to rewrite it to 
>>> use this pattern. It should only take a few hours.
>>>
>>> * minor bugs in pwpolicy plugin:
>>> - it says that higher number in cosPriority means higher priority, 
>>> this isn't true
>>> - it is impossible to modify cosPriority using pwpolicy-mod, it 
>>> throws an exception, because it tries to set it in the wrong entry
>>>
>>> Pavel
>>
>> I'm having a problem getting this to apply to the tip. Does this 
>> depend on some other patches?
>>
>> patching file ipalib/plugins/baseldap.py
>> Hunk #5 succeeded at 346 (offset 152 lines).
>> Hunk #6 FAILED at 363.
>> Hunk #7 FAILED at 422.
>> Hunk #8 FAILED at 506.
>> Hunk #9 succeeded at 208 (offset -163 lines).
>> Hunk #10 succeeded at 566 (offset 152 lines).
>> Hunk #11 succeeded at 267 (offset -163 lines).
>> Hunk #12 succeeded at 873 (offset 150 lines).
>> 3 out of 12 hunks FAILED -- saving rejects to file 
>> ipalib/plugins/baseldap.py.rej
>> patching file ipalib/plugins/krbtpolicy.py
>>
>> rob
> There was a forgotten patch adding --all to LDAPCreate, I reposted it on 
> freeipa devel just now. I also generated a new version of the Kerberos 
> Ticket Policy plugin patch (attached), just in case.
> 
> Pavel
> 

ack, pushed to master