On Wed, 09 Mar 2016, Martin Basti wrote:



On 09.03.2016 13:19, Alexander Bokovoy wrote:
On Wed, 09 Dec 2015, Simo Sorce wrote:
From f21c88b9f74453c6d6e16fb17d94efa469eed564 Mon Sep 17 00:00:00 2001
From: Simo Sorce <s...@redhat.com>
Date: Tue, 24 Nov 2015 18:01:52 -0500
Subject: [PATCH] Allow to specify Kerberos authz data type per user

Like for services setting the ipaKrbAuthzData attribute on a user object will
allow us to control exactly what authz data is allowed for that user.
Setting NONE would allow no authz data, while setting MS-PAC would allow only
Active Directory compatible data.

Signed-off-by: Simo Sorce <s...@redhat.com>

Ticket: https://fedorahosted.org/freeipa/ticket/2579
ACK for the code as that is obvious but I have question about
objectclass replication -- we extend objectclass definition to allow
more attributes in MAY. How 389-ds handles replication of such case,
will a new definition override the old one without any problem?
if it will be updated by ipa-server-upgrade, it should be done without any problem.
I'm interested in the replication part.

--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to