[Freeipa-devel] [PATCH 0069] Adds 389DS plugin to enforce UUID token IDs

Nathaniel McCallum npmccallum at redhat.com
Sun Sep 21 19:07:27 UTC 2014


Users that can rename the token (such as admins) can also create
non-UUID token names.

https://fedorahosted.org/freeipa/ticket/4456

NOTE: this patch is an alternate approach to my patch 0065. This version
has two main advantages compared to 0065:
1. Permissions are more flexible (not tied to the admin group).
2. Enforcement occurs at the DS-level

It should also be noted that this patch does not enforce UUID
randomness, only syntax. Users can still specify a token ID so long as
it is in UUID format.

Nathaniel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-npmccallum-0069-Adds-389DS-plugin-to-enforce-UUID-token-IDs.patch
Type: text/x-patch
Size: 12594 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140921/f11f3b8f/attachment.bin>


More information about the Freeipa-devel mailing list