On Mon, 2014-04-14 at 18:54 +0200, Petr Viktorin wrote: > Hello, > > The first patch adds default read permissions to krbtpolicy. Since the > plugin manages entries in two trees, there are two permissions. Since > two permissions are needed to cover krbtpolicy, it can't be used as a > permission's --type. > The permissions are added to a new privilege, 'Kerberos Ticket Policy > Readers'. > > The second patch adds an ACI for reading the Kerberos realm name. Since > client enrollment won't work without this, I don't see a reason for > having it managed by a permission. >
LGTM Simo. _______________________________________________ Freeipa-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-devel
