On Wed, 25 Jun 2014, Tomas Babej wrote:
> On 06/25/2014 11:45 AM, Petr Viktorin wrote:
>> On 06/24/2014 08:15 PM, Tomas Babej wrote:
>>> Attaching patch 234, which resolves another ACI issue related to trusts.
>>> On 06/24/2014 02:50 PM, Tomas Babej wrote:
>>>> Hi,
>>>> this is a follow up patch for 232. Read access to additional attributes
>>>> is required for the trust objects.
>> First patch looks fine.
>> For the second: should the trust ACIs apply to other objects than
>> (objectclass=ipanttrusteddomain)?
>> If not, we can enable "--type=trust" permissions and use it to specify
>> location & filter, see attached patch.
> Turns out there are also kerberos principals stored under cn=trust tree
> and this filter would block the access to them.
> Attached is a new version of 234, which allows reading krbPrincipalName
> as well.
ACK.
--
/ Alexander Bokovoy