On 04/09/2014 03:04 PM, Simo Sorce wrote:
> On Wed, 2014-04-09 at 10:53 +0200, Martin Kosek wrote:
>> On 04/08/2014 02:25 PM, Petr Viktorin wrote:
>>> Hello,
>>> These add read permissions to read user groups and hostgroups.
>>>
>>> For most attributes, anonymous read access is given.
>>> For member, memberOf, memberUID, read access is given only to authenticated
>>> users.
>>
>> Didn't we agree that we want to make hostgroups read by authenticated users
>> only? Just like we did with netgroups. CCing Simo to confirm.
>>
>> Besides the default bind type, the ACI looked ok.
>
> I forgot if we decided anything about hostgroups, but they are not
> necessary for an anonymous reader so we may as well not serve them in
> that case.
>
> Simo.
>
In that case Petr please consider changing 511 to only allow authenticated users to read hostgroups.

Thanks,
Martin
