[Pki-devel] [PATCH] 285 - 293 Patches for fine grained authz in the KRA
Ade Lee
alee at redhat.com
Wed Apr 20 21:35:59 UTC 2016
Thanks,
Pushed to master.
On Wed, 2016-04-20 at 15:23 -0500, Endi Sukma Dewata wrote:
> On 4/19/2016 9:47 PM, Ade Lee wrote:
> > Some comments inline, although most of this was discussed on #irc.
> >
> > I have added two additional patches which are to be applied on top
> > of 258=293.
> >
> > 294: This patch fixes the problems identified in this review. In
> > particular:
> >
> > Review comments addressed:
> > 1. when archiving or generating keys, realm is checked
> > 2. when no plugin is found for a realm, access is denied.
> > 3. rename mFoo to foo for new variables.
> > 4. add chaining of exceptions
> > 5. remove attributes from KeyArchivalRequest etc. when realm
> > is
> > null
> > 6. Add more detail to denial in BasicGroupAuthz
> >
> > 295 - Adds the ability for authz plugins to support multiple
> > realms.
> > In particular, the authorize() command has been extended to
> > allow
> > the realm to be passed in, and the ACL plugins have been
> > modified
> > to account for the realm.
> >
> > Please review,
>
> ACK.
>
More information about the Pki-devel
mailing list