[Freeipa-devel] [PATCHES] 0510-0511 Add managed read permissions to group & hostgroup

Petr Viktorin pviktori at redhat.com
Wed Apr 9 15:14:52 UTC 2014


On 04/09/2014 05:08 PM, Martin Kosek wrote:
> On 04/09/2014 04:09 PM, Petr Viktorin wrote:
>> On 04/09/2014 03:26 PM, Martin Kosek wrote:
>>> On 04/09/2014 03:04 PM, Simo Sorce wrote:
>>>> On Wed, 2014-04-09 at 10:53 +0200, Martin Kosek wrote:
>>>>> On 04/08/2014 02:25 PM, Petr Viktorin wrote:
>>>>>> Hello,
>>>>>> These add read permissions to read user groups and hostgroups.
>>>>>>
>>>>>> For most attributes, anonymous read access is given.
>>>>>> For member, memberOf, memberUID, read access is given only to
>>>>>> authenticated users.
>>>>>
>>>>> Didn't we agree that we want to make hostgroups read by authenticated users
>>>>> only? Just like we did with netgroups. CCing Simo to confirm.
>>
>> Apologies, I misread the agreement.
>>
>>>>> Besides the default bind type, the ACI looked ok.
>>>>
>>>> I forgot if we decided anything about hostgroups, but they are not
>>>> necessary for an anonymous reader so we may as well not serve them in
>>>> that case.
>>>>
>>>> Simo.
>>>>
>>>
>>> In that case Petr please consider changing 511 to only allow authenticated
>>> users to read hostgroups.
>>>
>>> Thanks,
>>> Martin
>>>
>>
>> Fixed patches attached.
>>
>
> Looks good. ACK!
>
> Martin
>

Thanks, pushed to master: 13f3ba5eb009a4af3bdb60a54e058fb5f62545dd

-- 
Petr³



