[Freeipa-devel] [PATCH] 0529 Add managed read permission to trusts
Alexander Bokovoy
abokovoy at redhat.com
Wed Apr 16 13:15:29 UTC 2014
On Wed, 16 Apr 2014, Simo Sorce wrote:
>> + 'ipanttrusteddomainsid', 'ipanttrustforesttrustinfo',
>> + 'ipanttrustposixoffset',
>> 'ipantsupportedencryptiontypes',
>> + 'ipantsidblacklistincoming',
>> 'ipantsidblacklistoutgoing',
>> + # ipaNTDomainAttrs:
>> + 'ipantsecurityidentifier', 'ipantflatname',
>> 'ipantdomainguid',
>> + 'ipantfallbackprimarygroup',
>> + },
>> + },
>> + }
>>
>> label = _('Trusts')
>> label_singular = _('Trust')
>
>In general I am not sure all authenticated users need access to all this
>info. Alexander ?
SSSD needs to read some of this information for subdomains support.
That would be at least host/*@REALM who needs to access it.
--
/ Alexander Bokovoy
More information about the Freeipa-devel
mailing list