On 04/09/2014 05:08 PM, Martin Kosek wrote:
On 04/09/2014 04:09 PM, Petr Viktorin wrote:
On 04/09/2014 03:26 PM, Martin Kosek wrote:
On 04/09/2014 03:04 PM, Simo Sorce wrote:
On Wed, 2014-04-09 at 10:53 +0200, Martin Kosek wrote:
On 04/08/2014 02:25 PM, Petr Viktorin wrote:
Hello,
These add read permissions to read user groups and hostgroups.

For most attributes, anonymous read access is given.
For member, memberOf, memberUID, read access is given only to
authenticated users.

Didn't we agree that we want to make hostgroups read by authenticated users
only? Just like we did with netgroups. CCing Simo to confirm.

Apologies, I misread the agreement.

Besides the default bind type, the ACI looked ok.

I forgot if we decided anything about hostgroups, but they are not
necessary for an anonymous reader so we may as well not serve them in
that case.

Simo.


In that case Petr please consider changing 511 to only allow authenticated
users to read hostgroups.

Thanks,
Martin


Fixed patches attached.


Looks good. ACK!

Martin


Thanks, pushed to master: 13f3ba5eb009a4af3bdb60a54e058fb5f62545dd

--
Petr³

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
