[Freeipa-devel] [PATCH 0069] Adds 389DS plugin to enforce UUID token IDs

thierry bordaz tbordaz at redhat.com
Mon Sep 22 07:33:20 UTC 2014


Hello Nathaniel,

    Just a remark, in is_token if the entry is objectclass=ipaToken it
    returns without freeing the 'objectclass' char array.

    thanks
    thierry

On 09/21/2014 09:07 PM, Nathaniel McCallum wrote:
> Users that can rename the token (such as admins) can also create
> non-UUID token names.
>
> https://fedorahosted.org/freeipa/ticket/4456
>
> NOTE: this patch is an alternate approach to my patch 0065. This version
> has two main advantages compared to 0065:
> 1. Permissions are more flexible (not tied to the admin group).
> 2. Enforcement occurs at the DS-level.
>
> It should also be noted that this patch does not enforce UUID
> randomness, only syntax. Users can still specify a token ID so long as
> it is in UUID format.
>
> Nathaniel

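The early-return leak raised in the review above, as an added example that is not the patch's code or either author's. Only the name `is_token` and the `ipaToken` object class come from the message; `get_objectclasses`, `free_objectclasses`, `live_arrays` and `is_token_leaky` are hypothetical stand-ins so the example builds without the 389DS headers.

```c
#include <stdlib.h>
#include <strings.h>

/* Hypothetical stand-ins for the server's char-array get/free helpers. */
static int live_arrays = 0; /* arrays handed out and not yet freed */

const char **get_objectclasses(const char *const *vals)
{
    size_t n = 0;
    while (vals[n] != NULL)
        n++;
    const char **copy = calloc(n + 1, sizeof(*copy));
    for (size_t i = 0; copy != NULL && i < n; i++)
        copy[i] = vals[i];
    live_arrays += (copy != NULL);
    return copy;
}

void free_objectclasses(const char **vals)
{
    live_arrays -= (vals != NULL);
    free(vals);
}

/* Reported pattern (a reconstruction, not the patch's code): a match returns early. */
int is_token_leaky(const char *const *vals)
{
    const char **ocs = get_objectclasses(vals);
    for (size_t i = 0; ocs != NULL && ocs[i] != NULL; i++)
        if (strcasecmp(ocs[i], "ipaToken") == 0)
            return 1; /* ocs is never freed on this path */
    free_objectclasses(ocs);
    return 0;
}

int is_token(const char *const *vals)
{
    int found = 0;
    const char **ocs = get_objectclasses(vals);
    for (size_t i = 0; !found && ocs != NULL && ocs[i] != NULL; i++)
        found = (strcasecmp(ocs[i], "ipaToken") == 0);
    free_objectclasses(ocs); /* single exit path: released on match and no match */
    return found;
}

int main(void)
{
    const char *const entry[] = { "top", "ipaToken", NULL }; /* constructed */
    return !(is_token(entry) == 1 && live_arrays == 0);
}
```

In a directory server plugin this check runs on every matching operation, so one array leaked per token entry accumulates for the lifetime of the server process.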