[Freeipa-devel] [PATCH 0096] Add authentication indicators support to Host objects
Martin Basti
mbasti at redhat.com
Fri Jun 24 13:14:59 UTC 2016
On 24.06.2016 15:11, Sumit Bose wrote:
> On Tue, Jun 21, 2016 at 02:25:49PM -0400, Nathaniel McCallum wrote:
>> https://fedorahosted.org/freeipa/ticket/433
> The patch works for me as expected, but the API.txt update is missing in
> the patch.
>
> bye,
> Sumit
There are no updated managed permissions for krbprincipalauthind
attribute in hosts.py, is this omitted on purpose?
Martin^2
>
>> From c7254a9dd182b34665b50c45c5ece42a3cbc56e2 Mon Sep 17 00:00:00 2001
>> From: Nathaniel McCallum <npmccallum at redhat.com>
>> Date: Tue, 21 Jun 2016 14:19:03 -0400
>> Subject: [PATCH] Add authentication indicators support to Host objects
>>
>> https://fedorahosted.org/freeipa/ticket/433
>> ---
>> ipaserver/plugins/host.py | 17 ++++++++++++++++-
>> 1 file changed, 16 insertions(+), 1 deletion(-)
>>
>> diff --git a/ipaserver/plugins/host.py b/ipaserver/plugins/host.py
>> index 15805a3d2292dcf176ec52afdd3885563eea1210..905116e9c4d12c9e35bb82a5ff2c7bd8b920e80d 100644
>> --- a/ipaserver/plugins/host.py
>> +++ b/ipaserver/plugins/host.py
>> @@ -294,7 +294,7 @@ class host(LDAPObject):
>> 'fqdn', 'description', 'l', 'nshostlocation', 'krbprincipalname',
>> 'nshardwareplatform', 'nsosversion', 'usercertificate', 'memberof',
>> 'managedby', 'memberofindirect', 'macaddress',
>> - 'userclass', 'ipaallowedtoperform', 'ipaassignedidview',
>> + 'userclass', 'ipaallowedtoperform', 'ipaassignedidview', 'krbprincipalauthind'
>> ]
>> uuid_attribute = 'ipauniqueid'
>> attribute_members = {
>> @@ -529,6 +529,14 @@ class host(LDAPObject):
>> label=_('Assigned ID View'),
>> flags=['no_option'],
>> ),
>> + Str('krbprincipalauthind*',
>> + cli_name='auth_ind',
>> + label=_('Authentication Indicators'),
>> + doc=_("Defines a whitelist for Authentication Indicators."
>> + " Use 'otp' to allow OTP-based 2FA authentications."
>> + " Use 'radius' to allow RADIUS-based 2FA authentications."
>> + " Other values may be used for custom configurations."),
>> + ),
>> ) + ticket_flags_params
>>
>> def get_dn(self, *keys, **options):
>> @@ -910,6 +918,13 @@ class host_mod(LDAPUpdate):
>> if 'krbticketpolicyaux' not in entry_attrs['objectclass']:
>> entry_attrs['objectclass'].append('krbticketpolicyaux')
>>
>> + if 'krbprincipalauthind' in entry_attrs:
>> + if 'objectclass' not in entry_attrs:
>> + entry_attrs_old = ldap.get_entry(dn, ['objectclass'])
>> + entry_attrs['objectclass'] = entry_attrs_old['objectclass']
>> + if 'krbprincipalaux' not in entry_attrs['objectclass']:
>> + entry_attrs['objectclass'].append('krbprincipalaux')
>> +
>> add_sshpubkey_to_attrs_pre(self.context, attrs_list)
>>
>> return dn
>> --
>> 2.9.0
>>
More information about the Freeipa-devel
mailing list