[Freeipa-devel] [PATCH] 0050 caacl: correctly handle full user principal name
Martin Basti
mbasti at redhat.com
Wed Apr 20 16:08:13 UTC 2016
On 14.03.2016 06:18, Alexander Bokovoy wrote:
> On Mon, 14 Mar 2016, Fraser Tweedale wrote:
>> The attached patch fixes
>> https://fedorahosted.org/freeipa/ticket/5733. Thanks to Alexander
>> for finding and reporting.
>>
>> Cheers,
>> Fraser
>
>> From 9bd7b74d9c928f386bd7dae59588580881ed1a9d Mon Sep 17 00:00:00 2001
>> From: Fraser Tweedale <ftweedal at redhat.com>
>> Date: Mon, 14 Mar 2016 14:49:47 +1100
>> Subject: [PATCH] caacl: correctly handle full user principal name
>>
>> The caacl HBAC request is correct when just the username is given,
>> but the full 'user at REALM' form was not handled correctly.
>>
>> Fixes: https://fedorahosted.org/freeipa/ticket/5733
> A context might be helpful here: if you are using certmonger's -K option
> to specify a user principal name to add to certificate, the name will
> get normalized to include the realm. This is how it gets to caacl check.
>
> ACK.
>
Pushed to:
master: c2b92b57354923a8099a0da446cef63802d2447b
ipa-4-3: 90ca7d4167d25f50b36322a817f1f62930a7ea58
ipa-4-2: 8a8ee89cf738a3cdae848bd9db4d358d94da6d26
More information about the Freeipa-devel
mailing list