[Freeipa-devel] [freeipa PR#314][comment] RFC: privilege separation for ipa framework code
HonzaCholasta
freeipa-github-notification at redhat.com
Tue Feb 14 10:55:02 UTC 2017
URL: https://github.com/freeipa/freeipa/pull/314
Title: #314: RFC: privilege separation for ipa framework code
HonzaCholasta commented:
"""
@simo5, I don't think this is the correct approach. Rather than deleting `context.session_cookie` in `RPCClient.destroy_connection()` when requested, it should be done automatically in `RPCClient.create_connection()` when the principal name in the ccache is different from the principal name of the cookie.
Also, IMHO it would be preferable to keep the changes in `ipatest/util.py` in a separate commit and not mix them with the generic changes not related only to tests in `ipalib/rpc.py`.
"""
See the full comment at https://github.com/freeipa/freeipa/pull/314#issuecomment-279675537
More information about the Freeipa-devel
mailing list