[Freeipa-devel] [PATCHES] 0521-0522 - Add managed read permissions to krbtpolicy & Allow anonymous read access to Kerberos realm container name
Petr Viktorin
pviktori at redhat.com
Mon Apr 14 16:54:20 UTC 2014
Hello,
The first patch adds default read permissions to krbtpolicy. Since the
plugin manages entries in two trees, there are two permissions. Since
two permissions are needed to cover krbtpolicy, it can't be used as a
permission's --type.
The permissions are added to a new privilege, 'Kerberos Ticket Policy
Readers'.
The second patch adds an ACI for reading the Kerberos realm name. Since
client enrollment won't work without this, I don't see a reason for
having it managed by a permission.
--
Petr³
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0521-Add-managed-read-permissions-to-krbtpolicy.patch
Type: text/x-patch
Size: 3655 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140414/db7ba4db/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0522-Allow-anonymous-read-access-to-Kerberos-realm-contai.patch
Type: text/x-patch
Size: 1224 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140414/db7ba4db/attachment-0001.bin>
More information about the Freeipa-devel
mailing list