[Freeipa-devel] [PATCHES] 0536-0537 Add ACI for read-only admin attributes

Petr Viktorin pviktori at redhat.com
Wed Apr 23 18:37:12 UTC 2014


Admin access to read-only attributes such as ipaUniqueId, memberOf, 
krbPrincipalName is provided by the anonymous read ACI, which will go 
away. This patch adds a blanket read ACI for these.
I also moved some related ACIs to 20-aci.update.

Previously krbPwdHistory was also readable by admins. I don't think we 
want to include that.
Simo, should admins be allowed to read krbExtraData?


The second patch makes the test suite pass with the anon read ACI removed.

-- 
Petr³
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0536-Add-ACI-for-read-only-admin-attributes.patch
Type: text/x-patch
Size: 12952 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140423/17c64a5c/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0537-test_ldap-Read-a-publicly-accessible-attribute-when-.patch
Type: text/x-patch
Size: 1410 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140423/17c64a5c/attachment-0001.bin>

