[Freeipa-devel] [RFE] Anonymous and All permissions
Hello, During discussions about fine-grained read ACIs [0], it became clear that we need to grant permissions to all authenticated and all, even anonymous users. Here is a design document for the feature: http://www.freeipa.org/page/V3/Anonymous_and_All_permissions [0] http://www.redhat.com/archives/freeipa-devel/2013-October/msg00050.html -- PetrĀ³ ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [RFE] Anonymous and All permissions
On 11/04/2013 02:49 PM, Petr Viktorin wrote: Hello, During discussions about fine-grained read ACIs [0], it became clear that we need to grant permissions to all authenticated and all, even anonymous users. Here is a design document for the feature: http://www.freeipa.org/page/V3/Anonymous_and_All_permissions [0] http://www.redhat.com/archives/freeipa-devel/2013-October/msg00050.html Looks good to me. Pretty much reflects what were talking about in person. Kudos for also writing the Test Cases. I am just thinking we may also want to do some functional tests and e.g. add an anonymous permission to read some hidden attribute and then to try to read it with anonymous LDAP search. Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [RFE] Anonymous and All permissions
On 11/04/2013 04:33 PM, Martin Kosek wrote: On 11/04/2013 02:49 PM, Petr Viktorin wrote: Hello, During discussions about fine-grained read ACIs [0], it became clear that we need to grant permissions to all authenticated and all, even anonymous users. Here is a design document for the feature: http://www.freeipa.org/page/V3/Anonymous_and_All_permissions [0] http://www.redhat.com/archives/freeipa-devel/2013-October/msg00050.html Looks good to me. Pretty much reflects what were talking about in person. Kudos for also writing the Test Cases. I am just thinking we may also want to do some functional tests and e.g. add an anonymous permission to read some hidden attribute and then to try to read it with anonymous LDAP search. I'll have some functional tests in the upcoming read permissions design. -- PetrĀ³ ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel