On Wed, 2014-04-23 at 20:37 +0200, Petr Viktorin wrote: > Admin access to read-only attributes such as ipaUniqueId, memberOf, > krbPrincipalName is provided by the anonymous read ACI, which will go > away. This patch adds a blanket read ACI for these. > I also moved some related ACIs to 20-aci.update. > > Previously krbPwdHistory was also readable by admins. I don't think we > want to include that. > Simo, should admins be allowed to read krbExtraData?
Probably not necessary but there is nothing secret in it either. Simo. _______________________________________________ Freeipa-devel mailing list Freeipafirstname.lastname@example.org https://www.redhat.com/mailman/listinfo/freeipa-devel