We used to calculate has_keytab based on whether krblastpwdchange was set. We did this because you can't see whether a krbPrincipalKey is set.

We had a need to see whether a password was set on hosts. What I did was create a new ACI that allows search on krbPrincpalKey and userPassword. This means you can search for attribute existence and gives us a better picture of what entries have.


This adds a new fake attribute, has_password. I've added has_password and has_keytab to user objects as well so you can see whether a password is set on a user (and may be useful during migration).

rob

Attachment: freeipa-rcrit-851-indicator.patch
Description: application/mbox

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to