Dmitri Pal wrote:
Simo Sorce wrote:
On Fri, 15 Oct 2010 17:27:07 -0400
Rob Crittenden<rcrit...@redhat.com> wrote:
Remove the enrolledBy when a host is unenrolled (which is the same as
disabling the host).
ticket 301
rob
nack, if host can write enrolledBy it can fake info
Simo.
I agree. I think it should be "delete" rather than "write".
The delete permission is for entries, not for attributes.
I'll need to ask the 389-ds guys about how to do this, though I think it
may be via an attr value aci which will require some work in our aci
plugin because it doesn't currently support them.
rob
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel