[Freeipa-devel] [PATCH] 0529 Add managed read permission to trusts
Simo Sorce
ssorce at redhat.com
Wed Apr 16 13:42:36 UTC 2014
On Wed, 2014-04-16 at 16:15 +0300, Alexander Bokovoy wrote:
> On Wed, 16 Apr 2014, Simo Sorce wrote:
> >> + 'ipanttrusteddomainsid', 'ipanttrustforesttrustinfo',
> >> + 'ipanttrustposixoffset',
> >> 'ipantsupportedencryptiontypes',
> >> + 'ipantsidblacklistincoming',
> >> 'ipantsidblacklistoutgoing',
> >> + # ipaNTDomainAttrs:
> >> + 'ipantsecurityidentifier', 'ipantflatname',
> >> 'ipantdomainguid',
> >> + 'ipantfallbackprimarygroup',
> >> + },
> >> + },
> >> + }
> >>
> >> label = _('Trusts')
> >> label_singular = _('Trust')
> >
> >In general I am not sure all authenticated users need access to all this
> >info. Alexander ?
> SSSD needs to read some of this information for subdomains support.
> That would be at least host/*@REALM who needs to access it.
Can you please list exactly which ones are needed ?
Simo.
More information about the Freeipa-devel
mailing list