On 06/27/2014 05:10 PM, Simo Sorce wrote:
> On Fri, 2014-06-27 at 16:16 +0200, Martin Kosek wrote:
>> Host Administrators could not write to service keytab attribute and
>> thus they could not run the host-disable command.
>> https://fedorahosted.org/freeipa/ticket/4284
> Any reason why Host Administrators are not members of the service
> Administrators group/permission by default ?
> Simo.

I assume that the original intent was to allow admins to separate this
privileges. I.e. allow service administrators manage services on hosts but do
not allow them delete or disable the hosts.

This patch fixes the reported request for Foreman integration, if you have a
better one fixing it as well, we can go different way.


Freeipa-devel mailing list

Reply via email to