[Freeipa-devel] [PATCHES] 0510-0511 Add managed read permissions to group & hostgroup

Petr Viktorin pviktori at redhat.com
Wed Apr 9 14:09:45 UTC 2014


On 04/09/2014 03:26 PM, Martin Kosek wrote:
> On 04/09/2014 03:04 PM, Simo Sorce wrote:
>> On Wed, 2014-04-09 at 10:53 +0200, Martin Kosek wrote:
>>> On 04/08/2014 02:25 PM, Petr Viktorin wrote:
>>>> Hello,
>>>> These add read permissions to read user groups and hostgroups.
>>>>
>>>> For most attributes, anonymous read access is given.
>>>> For member, memberOf, memberUID, read access is given only to authenticated users.
>>>
>>> Didn't we agree that we want to make hostgroups read by authenticated users
>>> only? Just like we did with netgroups. CCing Simo to confirm.

Apologies, I misread the agreement.

>>> Besides the default bind type, the ACI looked ok.
>>
>> I forgot if we decided anything about hostgroups, but they are not
>> necessary for an anonymous reader so we may as well not serve them in
>> that case.
>>
>> Simo.
>>
>
> In that case Petr please consider changing 511 to only allow authenticated
> users to read hostgroups.
>
> Thanks,
> Martin
>

Fixed patches attached.

-- 
Petr³
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0510.2-Add-managed-read-permissions-to-group.patch
Type: text/x-patch
Size: 1585 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140409/ee558071/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0511.2-Add-managed-read-permission-to-hostgroup.patch
Type: text/x-patch
Size: 1596 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140409/ee558071/attachment-0001.bin>

