On Wed, 2014-04-16 at 16:15 +0300, Alexander Bokovoy wrote: > On Wed, 16 Apr 2014, Simo Sorce wrote: > >> + 'ipanttrusteddomainsid', 'ipanttrustforesttrustinfo', > >> + 'ipanttrustposixoffset', > >> 'ipantsupportedencryptiontypes', > >> + 'ipantsidblacklistincoming', > >> 'ipantsidblacklistoutgoing', > >> + # ipaNTDomainAttrs: > >> + 'ipantsecurityidentifier', 'ipantflatname', > >> 'ipantdomainguid', > >> + 'ipantfallbackprimarygroup', > >> + }, > >> + }, > >> + } > >> > >> label = _('Trusts') > >> label_singular = _('Trust') > > > >In general I am not sure all authenticated users need access to all this > >info. Alexander ? > SSSD needs to read some of this information for subdomains support. > That would be at least host/*@REALM who needs to access it.
Can you please list exactly which ones are needed ? Simo. _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel