On Tue, 2012-06-26 at 14:48 -0400, Rob Crittenden wrote:
> Martin Kosek wrote:
> > ipaNTHash contains security sensitive information, it should be hidden just
> > like other password attributes. As a part of preparation for ticket #2511,
> > the ACI allowing global access is also updated to hide DNS zones.
> > https://fedorahosted.org/freeipa/ticket/2856
> There is a comment referencing the DNS work. Fix that and ACK.
As agreed with Rob on IRC, this comment was left there on purpose so
that it is obvious why I also added the (target != ...) part to the
global allow ACI.
Pushed to master as-is.
Freeipa-devel mailing list