[Freeipa-devel] [PATCH] 320 Only use service PAC type as an override
Martin Kosek
mkosek at redhat.com
Wed Oct 3 06:55:19 UTC 2012
On 10/02/2012 10:31 PM, Rob Crittenden wrote:
> Martin Kosek wrote:
>> PAC type (ipakrbauthzdata attribute) was being filled for all new
>> service automatically. However, the PAC type attribute was designed
>> to serve only as an override to default PAC type configured in
>> IPA config. With PAC type set in all services, users would have
>> to update all services to get new PAC types configured in IPA config.
>>
>> Do not set PAC type for new services. Add new NONE value meaning that
>> we do not want any PAC for the service (empty/missing attribute means
>> that the default PAC type list from IPA config is read).
>>
>> https://fedorahosted.org/freeipa/ticket/2184
>>
>> ---
>>
>> Note: the new NONE value of service PAC type was planned in a scope of ticket
>> #2960.
>
> ACK, but before you push can you add the jist of this commit message to the
> help for PAC type in the service command help so users will understand the
> difference between NONE and blank?
>
> rob
>
Good idea. I updated doc of this attribute in service plugin and also doc/label
of a relevant config option to help user distinguish what is a default and what
is an override.
Pushed to master, ipa-3-0.
Martin
More information about the Freeipa-devel
mailing list