[Freeipa-devel] [PATCH 0233] trusts: Add more read attributes
Petr Viktorin
pviktori at redhat.com
Wed Jun 25 13:02:12 UTC 2014
On 06/25/2014 01:54 PM, Alexander Bokovoy wrote:
> On Wed, 25 Jun 2014, Tomas Babej wrote:
>>
>> On 06/25/2014 11:45 AM, Petr Viktorin wrote:
>>> On 06/24/2014 08:15 PM, Tomas Babej wrote:
>>>> Attaching patch 234, which resolves another ACI issue related to
>>>> trusts.
>>>>
>>>> On 06/24/2014 02:50 PM, Tomas Babej wrote:
>>>>> Hi,
>>>>>
>>>>> this is a follow up patch for 232. Read access to additional
>>>>> attributes
>>>>> is required for the trust objects.
>>>>>
>>>
>>> First patch looks fine.
>>>
>>> For the second: should the trust ACIs apply to other objects than
>>> (objectclas=ipanttrusteddomain)?
>>> If not, we can enable "--type=trust" permissions and use it to specify
>>> location & filter, see attached patch.
>>>
>>>
>> Turns out there are also kerberos principals stored under cn=trust tree
>> and this filter would block the access to them.
>>
>> Attached is a new version of 234, which allows reading krbPrincipalName
>> as well.
>
> ACK.
>
Pushed to master: c2e6b74029e08a4eadb7a14a4c711febfc83b5be
--
Petr³
More information about the Freeipa-devel
mailing list