On Mon, 2014-04-14 at 18:54 +0200, Petr Viktorin wrote:
> Hello,
> The first patch adds default read permissions to krbtpolicy. Since the 
> plugin manages entries in two trees, there are two permissions. Since 
> two permissions are needed to cover krbtpolicy, it can't be used as a 
> permission's --type.
> The permissions are added to a new privilege, 'Kerberos Ticket Policy 
> Readers'.
> The second patch adds an ACI for reading the Kerberos realm name. Since 
> client enrollment won't work without this, I don't see a reason for 
> having it managed by a permission.



Freeipa-devel mailing list

Reply via email to