Alright, here's my first shot at the Kerberos Ticket Policy management plugin.

It is also a "new type" of plugin. What I mean by that is that it takes an optional primary key (username) as its first argument. If used, policy for a specific user is being managed. If not, the global policy is being managed. If there's no value defined for a specific user, the global value is displayed instead. This pattern could also be applied to the pwpolicy plugin.

The pwpolicy plugin currently doesn't even use the baseldap classes and is a bit buggy*. So, if nobody minds, I'd like to rewrite it to use this pattern. It should only take a few hours.

* minor bugs in pwpolicy plugin:
- it says that higher number in cosPriority means higher priority, this isn't 
- it is impossible to modify cosPriority using pwpolicy-mod, it throws an exception, because it tries to set it in the wrong entry


Attachment: 0001-Add-Kerberos-Ticket-Policy-management-plugin.patch
Description: application/mbox

Freeipa-devel mailing list

Reply via email to