On 04/09/2014 05:08 PM, Martin Kosek wrote:
On 04/09/2014 04:09 PM, Petr Viktorin wrote:
On 04/09/2014 03:26 PM, Martin Kosek wrote:
On 04/09/2014 03:04 PM, Simo Sorce wrote:
On Wed, 2014-04-09 at 10:53 +0200, Martin Kosek wrote:
On 04/08/2014 02:25 PM, Petr Viktorin wrote:
These add read permissions to read user groups and hostgroups.

For most attributes, anonymous read access is given.
For member, memberOf, memberUID, read access is given only to
authenticated users.

Didn't we agree that we want to make hostgroups read by authenticated users
only? Just like we did with netgroups. CCing Simo to confirm.

Apologies, I misread the agreement.

Besides the default bind type, the ACI looked ok.

I forgot if we decided anything about hostgroups, but they are not
necessary for an anonymous reader so we may as well not serve them in
that case.


In that case Petr please consider changing 511 to only allow authenticated
users to read hostgroups.


Fixed patches attached.

Looks good. ACK!


Thanks, pushed to master: 13f3ba5eb009a4af3bdb60a54e058fb5f62545dd


Freeipa-devel mailing list
