[Freeipa-devel] [PATCH] 0520 Add managed read permission to service

Martin Kosek mkosek at redhat.com
Thu Apr 24 09:47:48 UTC 2014


On 04/23/2014 02:22 PM, Petr Viktorin wrote:
> On 04/14/2014 01:04 PM, Petr Viktorin wrote:
>> Read access is given to all authenticated users.
>>
>> Exposed attributes are:
>> [top]
>>    objectClass
>> [ipaObject]
>>    ipaUniqueID
>> [ipaService]
>>    managedBy
>>    memberOf
>>    ipaKrbAuthzData  (a.k.a. pac_type)
>> [pkiUser]
>>    userCertificate
>> [krbPrincipalAux]
>>    krbPrincipalName
>>    krbCanonicalName
>>    krbPrincipalAliases
>>    krbPrincipalExpiration
>>    krbPasswordExpiration
>>    krbLastPwdChange
>> [krbTicketPolicyAux] - none
>> [ipaKrbPrincipal]
>>    krbPrincipalName
>>    ipaKrbPrincipalAlias
>> [krbPrincipal]
>>    krbPrincipalName
>>    krbObjectReferences
>>
>>
>> Kerberos-related attributes were discussed for hosts here:
>> http://www.redhat.com/archives/freeipa-devel/2014-April/msg00242.html
> 
> ping, any takers for the review?
> 

Works ok and is consistent with our Host access control settings. ACK.

Pushed to master: b9f69d4f0b310ed000fc7bde522f3657c032020b

Martin




More information about the Freeipa-devel mailing list