Re: [Freeipa-devel] [PATCH] 0060 Ensure ipa-adtrust-install is run as admin user

2012-07-18 Thread Alexander Bokovoy
On Tue, 17 Jul 2012, Rob Crittenden wrote: Alexander Bokovoy wrote: On Fri, 13 Jul 2012, Alexander Bokovoy wrote: Hi, when adding AD trusts support, we need to ensure we have a valid Kerberos ticket of the user from the 'admins' group or otherwise appropriate ACIs will not be granted. This patch

Re: [Freeipa-devel] [PATCH] 0060 Ensure ipa-adtrust-install is run as admin user

2012-07-18 Thread Alexander Bokovoy
On Wed, 18 Jul 2012, Alexander Bokovoy wrote: On Tue, 17 Jul 2012, Rob Crittenden wrote: Alexander Bokovoy wrote: On Fri, 13 Jul 2012, Alexander Bokovoy wrote: Hi, when adding AD trusts support, we need to ensure we have a valid Kerberos ticket of the user from the 'admins' group or otherwise

Re: [Freeipa-devel] [PATCH] 0060 Ensure ipa-adtrust-install is run as admin user

2012-07-18 Thread Rob Crittenden
Alexander Bokovoy wrote: On Tue, 17 Jul 2012, Rob Crittenden wrote: Alexander Bokovoy wrote: On Fri, 13 Jul 2012, Alexander Bokovoy wrote: Hi, when adding AD trusts support, we need to ensure we have a valid Kerberos ticket of the user from the 'admins' group or otherwise appropriate ACIs will not

Re: [Freeipa-devel] [PATCH] 0060 Ensure ipa-adtrust-install is run as admin user

2012-07-18 Thread Alexander Bokovoy
On Wed, 18 Jul 2012, Rob Crittenden wrote: Alexander Bokovoy wrote: On Tue, 17 Jul 2012, Rob Crittenden wrote: Alexander Bokovoy wrote: On Fri, 13 Jul 2012, Alexander Bokovoy wrote: Hi, when adding AD trusts support, we need to ensure we have a valid Kerberos ticket of the user from the 'admins'

Re: [Freeipa-devel] [PATCH] 0060 Ensure ipa-adtrust-install is run as admin user

2012-07-18 Thread Simo Sorce
On Wed, 2012-07-18 at 16:19 +0300, Alexander Bokovoy wrote: On Wed, 18 Jul 2012, Rob Crittenden wrote: Alexander Bokovoy wrote: On Tue, 17 Jul 2012, Rob Crittenden wrote: Alexander Bokovoy wrote: On Fri, 13 Jul 2012, Alexander Bokovoy wrote: Hi, when adding AD trusts support, we need to

Re: [Freeipa-devel] [PATCH] 0060 Ensure ipa-adtrust-install is run as admin user

2012-07-18 Thread Alexander Bokovoy
On Wed, 18 Jul 2012, Simo Sorce wrote: On Wed, 2012-07-18 at 16:19 +0300, Alexander Bokovoy wrote: On Wed, 18 Jul 2012, Rob Crittenden wrote: Alexander Bokovoy wrote: On Tue, 17 Jul 2012, Rob Crittenden wrote: Alexander Bokovoy wrote: On Fri, 13 Jul 2012, Alexander Bokovoy wrote: Hi, when

Re: [Freeipa-devel] [PATCH] 0060 Ensure ipa-adtrust-install is run as admin user

2012-07-17 Thread Rob Crittenden
Alexander Bokovoy wrote: On Fri, 13 Jul 2012, Alexander Bokovoy wrote: Hi, when adding AD trusts support, we need to ensure we have a valid Kerberos ticket of the user from the 'admins' group or otherwise appropriate ACIs will not be granted. This patch introduces a check for that. We already check

[Freeipa-devel] [PATCH] 0060 Ensure ipa-adtrust-install is run as admin user

2012-07-13 Thread Alexander Bokovoy
Hi, when adding AD trusts support, we need to ensure we have a valid Kerberos ticket of the user from the 'admins' group or otherwise appropriate ACIs will not be granted. This patch introduces a check for that. We already check if ipa-adtrust-install is run by root so this complements existing

Re: [Freeipa-devel] [PATCH] 0060 Ensure ipa-adtrust-install is run as admin user

2012-07-13 Thread Alexander Bokovoy
On Fri, 13 Jul 2012, Alexander Bokovoy wrote: Hi, when adding AD trusts support, we need to ensure we have a valid Kerberos ticket of the user from the 'admins' group or otherwise appropriate ACIs will not be granted. This patch introduces a check for that. We already check if ipa-adtrust-install is