[Freeipa-devel] [PATCH] 479 add service-disable command
Rob Crittenden
rcritten at redhat.com
Thu Jul 8 18:57:11 UTC 2010
Add API to delete a service principal key, service-disable. This is so
an admin can essentially revoke a service principal without deleting it.
I have to do some pretty low-level LDAP work to achieve this. Since we
can't read the key using our modlist generator won't work and lots of
tricks would be needed to use the LDAPUpdate object in any case. The
alternative is to add a function to the ldap2 backend that achieves
this, or something similar like 'delete_attrs'. I just didn't see a
general case for it.
I pulled usercertificate out of the global params and put into each
appropriate function because it makes no sense for service-disable.
I added tests to verify that the certificate we issue is found in the
service. This also double-checks that the service commands actually
return certificate data.
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-479-service.patch
Type: application/mbox
Size: 7050 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20100708/328cc924/attachment.mbox>
More information about the Freeipa-devel
mailing list