On 04/09/2014 10:59 AM, Martin Kosek wrote:
On 04/07/2014 01:34 PM, Petr Viktorin wrote:
On 04/07/2014 01:28 PM, Martin Kosek wrote:
On 04/03/2014 12:09 PM, Petr Viktorin wrote:
Hello,
This adds read permissions to read HBAC rules, services, and service groups.

Read access is given to all authenticated users.

So far looked OK in my tests. What about the ACIs like the following one?

(targetattr = "*")(version 3.0; acl "No anonymous access to hbac"; deny
(read,search,compare) userdn != "ldap:///all";;)

Do we want to remove them together with this patch to have the change grouped
together with allow ACIs or do you plan to remove all similar deny ACIs at
once? (together with the master read ACI)

Martin


I want to remove them after removing the global read ACI, so that in the
meantime we're not allowing more access than we should.

Ok, makes sense. I tested the patch again and it worked fine (after I removed
the deny rule).

ACK.

Martin


Thanks, pushed to master: 39327dbb75e92e4184bdda2dbd802cf349866861

--
Petr³

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
