[Freeipa-devel] [PATCH] 1028 service pac types
Rob Crittenden
rcritten at redhat.com
Mon Jun 25 21:38:24 UTC 2012
Simo Sorce wrote:
> On Mon, 2012-06-25 at 16:23 -0400, Rob Crittenden wrote:
>> Simo Sorce wrote:
>>> ----- Original Message -----
>>>> This patch is more a WIP than anything. I want to see if I'm on the
>>>> right track.
>>>
>>> Hi Rob,
>>> I don't think we need ipaDefaultKrbAuthzData, we can use the same attribute both in ipaGuiConfig and ipaService, where it is placed makes the difference.
>>>
>>> You haven't changed ipaService in the base ldif.
>>
>> On new installs the updates are still applied, gets added.
>
> Sure it 'works' but the ldif files are now incomplete and slightly
> misleading, is there a good reason to not update them ?
It is because it is in a file 60basev2.ldif. This is a v3 schema
addition. It is one confusing element over another.
>>> The 'UNIX-PAC' curent name is 'PAD' for Posix Authorization Data, we can call it 'PAD' in the pac_type field I think.
>>
>> Ok done.
>>
>> The ticket mentions something about marking some as critical. Is that
>> within the scope of this? I'm not sure what you had in mind for that.
>
> It is for the multi-PAC case, where we may decide to not attach stuff if
> the ticket become too big.
>
> But I think we should defer that part for later, when we will have
> multiple formats.
>
> Simo.
>
rob
More information about the Freeipa-devel
mailing list