[Freeipa-devel] [PATCH] 0015-16 Allow multiple krbprincipalnames + test

Martin Kosek mkosek at redhat.com
Thu Sep 18 14:28:19 UTC 2014


On 09/18/2014 04:06 PM, David Kupka wrote:
> On 09/18/2014 03:44 PM, Rob Crittenden wrote:
>> David Kupka wrote:
>>> https://fedorahosted.org/freeipa/ticket/4421
>>
>> You are removing an ACI in this patch. It is always possible it is no
>> longer needed. Did you test all the client enrollment scenarios?
>>
>> rob
>>
> 
> As far as I'm aware I'm not removing any ACI. I'm modifying ACI so it is
> possible to add krbPrincipalName to host even when there is already one (or
> more). And adding one ACI to allow writing krbCanonicalName to host.
> But I'm still not really familiar with ACI so please correct me if I'm wrong.
> 

What Rob refers to is probably the update in ACI.txt - the ACI alternative to
API.txt. David updated an ACI, not removed it.

On that note, what is the reason for this permission change:

-            'ipapermtargetfilter': [
-                '(objectclass=ipahost)',
-                '(!(krbprincipalname=*))',
-            ],
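
Review bot: Removing the whole 'ipapermtargetfilter' entry drops '(objectclass=ipahost)' together with '(!(krbprincipalname=*))', so the lines shown leave this permission with no target filter restricting it to host entries. If the goal is only to allow adding a krbPrincipalName when one already exists, remove just the '(!(krbprincipalname=*))' clause and keep the objectclass filter, and state the reason for the change in the commit message.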

?

Martin



