On Wed, 2014-04-09 at 10:53 +0200, Martin Kosek wrote:
> On 04/08/2014 02:25 PM, Petr Viktorin wrote:
> > Hello,
> > These add read permissions to read user groups and hostgroups.
> > 
> > For most attributes, anonymous read access is given.
> > For member, memberOf, memberUID, read access is given only to authenticated 
> > users.
> 
> Didn't we agree that we want to make hostgroups read by authenticated users
> only? Just like we did with netgroups. CCing Simo to confirm.
> 
> Besides the default bind type, the ACI looked ok.

I forgot if we decided anything about hostgroups, but they are not
necessary for an anonymous reader so we may as well not server them in
that case.

Simo.

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to