[Freeipa-devel] [PATCH 0233] trusts: Add more read attributes

Alexander Bokovoy abokovoy at redhat.com
Wed Jun 25 11:54:39 UTC 2014


On Wed, 25 Jun 2014, Tomas Babej wrote:
>
>On 06/25/2014 11:45 AM, Petr Viktorin wrote:
>> On 06/24/2014 08:15 PM, Tomas Babej wrote:
>>> Attaching patch 234, which resolves another ACI issue related to trusts.
>>>
>>> On 06/24/2014 02:50 PM, Tomas Babej wrote:
>>>> Hi,
>>>>
>>>> this is a follow-up patch for 232. Read access to additional attributes
>>>> is required for the trust objects.
>>>>
>>
>> First patch looks fine.
>>
>> For the second: should the trust ACIs apply to other objects than
>> (objectclass=ipanttrusteddomain)?
>> If not, we can enable "--type=trust" permissions and use it to specify
>> location & filter, see attached patch.
>>
>>
>Turns out there are also Kerberos principals stored under cn=trust tree
>and this filter would block the access to them.
>
>Attached is a new version of 234, which allows reading krbPrincipalName
>as well.

ACK.

-- 
/ Alexander Bokovoy
