[Freeipa-devel] [PATCH] 792 add --hosts option to allow/retrieve keytab methods
Jan Cholasta
jcholast at redhat.com
Wed Dec 3 11:35:08 UTC 2014
Dne 1.12.2014 v 19:25 Petr Vobornik napsal(a):
> On 12/01/2014 02:33 PM, Jan Cholasta wrote:
>> Hi,
>>
>> Dne 1.12.2014 v 14:17 Petr Vobornik napsal(a):
>>> `--hosts` option added to:
>>> * service-allow-create-keytab
>>> * service-allow-retrieve-keytab
>>> * service-disallow-create-keytab
>>> * service-disallow-retrieve-keytab
>>> * host-allow-create-keytab
>>> * host-allow-retrieve-keytab
>>> * host-disallow-create-keytab
>>> * host-disallow-retrieve-keytab
>>>
>>> in order to allow hosts to retrieve keytab of their services or related
>>> hosts as described on http://www.freeipa.org/page/V4/Keytab_Retrieval
>>> design page
>>>
>>> https://fedorahosted.org/freeipa/ticket/4777
>>
>> Since groups of users are supported with "group" members, we should
>> probably also support groups of hosts with "hostgroup" members, for
>> consistency.
>
> --hostgroup options added.
Thanks, ACK.
Fixed a typo in host.py:
+ label=_('Hosts Groups allowed to create keytab'),
^
and pushed to:
master: 026c9eca0920e92e56148b808c851e9bde00ece8
ipa-4-1: 1108e7145538f84da2e0dfdf4fb0e76583575dd2
>
>>
>>>
>>>
>>> I'm pondering how to handle Web UI. I'm not font of adding a third pair
>>> of tables to host and service details pages because the amount of space
>>> on the page required for the keytab management is much bigger than its
>>> importance compared to other fields.
>>
>> Honza
>>
--
Jan Cholasta
More information about the Freeipa-devel
mailing list