[Freeipa-devel] [WIP][PATCH] 120 Add Kerberos ticket flags management to service and host plugins

Martin Kosek mkosek at redhat.com
Mon Mar 25 13:41:46 UTC 2013


On 03/18/2013 12:38 PM, Jan Cholasta wrote:
> Hi,
> 
> this patch implements <https://fedorahosted.org/freeipa/ticket/3329>.
> 
> Because the design is not finished yet, this is a minimal implementation - it
> uses the krbTicketFlags attribute directly (which means no delegation of rights
> to modify specific flags to specific admins) and there is no support for
> per-service type default values.
> 
> Honza
> 
> 

I checked what you have already and this is what I found:

1) Internal error if I try to remove krbticketflags via *attr functions:

# ipa service-add foo/`hostname` --setattr=krbticketflags=None
ipa: ERROR: an internal error has occurred
# ipa service-add foo/`hostname`
------------------------------------------------------------------------
Added service "foo/vm-037.idm.lab.bos.redhat.com at IDM.LAB.BOS.REDHAT.COM"
------------------------------------------------------------------------
# ipa service-mod foo/`hostname` --setattr=krbticketflags=None
ipa: ERROR: an internal error has occurred


2) The RFE page needs updating, it does not reflect current reality. AFAIU, the
only thing that's left to be decided is the granularity of the ACIs used to
control this flag.

Otherwise, the patch works fine.

Martin



