[Freeipa-devel] [PATCHES] 0510-0511 Add managed read permissions to group & hostgroup

Simo Sorce ssorce at redhat.com
Wed Apr 9 13:04:37 UTC 2014


On Wed, 2014-04-09 at 10:53 +0200, Martin Kosek wrote:
> On 04/08/2014 02:25 PM, Petr Viktorin wrote:
> > Hello,
> > These add read permissions to read user groups and hostgroups.
> > 
> > For most attributes, anonymous read access is given.
> > For member, memberOf, memberUID, read access is given only to authenticated users.
> 
> Didn't we agree that we want to make hostgroups read by authenticated users
> only? Just like we did with netgroups. CCing Simo to confirm.
> 
> Besides the default bind type, the ACI looked ok.

I forgot if we decided anything about hostgroups, but they are not
necessary for an anonymous reader so we may as well not serve them in
that case.

Simo.



