Simo Sorce wrote:
On Mon, 2014-06-16 at 09:53 +0200, Petr Viktorin wrote:
On 06/13/2014 10:20 PM, Simo Sorce wrote:
[...]
2) and I think this is a MUCH bigger issue, the Admin users are
unbounded and pass any Access Control Check and this means they can now
retrieve any key for users or
On Tue, 2014-06-17 at 15:30 -0400, Rob Crittenden wrote:
Simo Sorce wrote:
On Mon, 2014-06-16 at 09:53 +0200, Petr Viktorin wrote:
On 06/13/2014 10:20 PM, Simo Sorce wrote:
[...]
2) and I think this is a MUCH bigger issue, the Admin users are
unbounded and pass any Access Control Check
Simo Sorce wrote:
On Tue, 2014-06-17 at 15:30 -0400, Rob Crittenden wrote:
Simo Sorce wrote:
On Mon, 2014-06-16 at 09:53 +0200, Petr Viktorin wrote:
On 06/13/2014 10:20 PM, Simo Sorce wrote:
[...]
2) and I think this is a MUCH bigger issue, the Admin users are
unbounded and pass any Access
On Tue, 2014-06-17 at 15:49 -0400, Rob Crittenden wrote:
Simo Sorce wrote:
On Tue, 2014-06-17 at 15:30 -0400, Rob Crittenden wrote:
Simo Sorce wrote:
On Mon, 2014-06-16 at 09:53 +0200, Petr Viktorin wrote:
On 06/13/2014 10:20 PM, Simo Sorce wrote:
[...]
2) and I think this is a MUCH
On 06/13/2014 10:20 PM, Simo Sorce wrote:
[...]
2) and I think this is a MUCH bigger issue, the Admin users are
unbounded and pass any Access Control Check and this means they can now
retrieve any key for users or machines.
It is already bad enough that admins can unconditionally set any key,
On Fri, 2014-06-13 at 23:16 +0200, Tomas Babej wrote:
--- a/install/share/default-aci.ldif
+++ b/install/share/default-aci.ldif
@@ -21,11 +21,17 @@ changetype: modify
add: aci
aci: (targetfilter =
(|(objectClass=ipaConfigObject)(dnahostname=*)))(version 3.0;acl
Admins can change GUI
Simo Sorce wrote:
On Wed, 2014-06-11 at 17:03 -0400, Rob Crittenden wrote:
0001
When is_allowed_to_access_attr() fails it should include the value of
access in the error log for debugging.
Ok added more detailed logging
Nit: Coluld not fetch REALM backend
Fixed
There are still a
On Fri, 2014-06-13 at 12:54 -0400, Rob Crittenden wrote:
Simo Sorce wrote:
On Wed, 2014-06-11 at 17:03 -0400, Rob Crittenden wrote:
0001
When is_allowed_to_access_attr() fails it should include the value of
access in the error log for debugging.
Ok added more detailed logging
On Fri, 2014-06-13 at 14:04 -0400, Simo Sorce wrote:
On Fri, 2014-06-13 at 12:54 -0400, Rob Crittenden wrote:
Simo Sorce wrote:
On Wed, 2014-06-11 at 17:03 -0400, Rob Crittenden wrote:
0001
When is_allowed_to_access_attr() fails it should include the value of
access in the error
Rob Crittenden wrote:
Simo Sorce wrote:
On Wed, 2014-06-11 at 17:03 -0400, Rob Crittenden wrote:
0001
When is_allowed_to_access_attr() fails it should include the value of
access in the error log for debugging.
Ok added more detailed logging
Nit: Coluld not fetch REALM backend
Fixed
On Fri, 2014-06-13 at 14:29 -0400, Rob Crittenden wrote:
Rob Crittenden wrote:
Simo Sorce wrote:
On Wed, 2014-06-11 at 17:03 -0400, Rob Crittenden wrote:
0001
When is_allowed_to_access_attr() fails it should include the value of
access in the error log for debugging.
Ok added more
On 06/13/2014 10:20 PM, Simo Sorce wrote:
On Fri, 2014-06-13 at 14:29 -0400, Rob Crittenden wrote:
Rob Crittenden wrote:
Simo Sorce wrote:
On Wed, 2014-06-11 at 17:03 -0400, Rob Crittenden wrote:
0001
When is_allowed_to_access_attr() fails it should include the value of
access in the
On Tue, 2014-06-10 at 20:13 -0400, Simo Sorce wrote:
Still upgrading my server, so still untested, but again just to catch
style issues, I'll post news once I can test the changes do not break
functionality.
I finished upgrading the server and redone my functional testing.
Both getting ad
Simo Sorce wrote:
On Tue, 2014-06-10 at 14:27 -0400, Nathaniel McCallum wrote:
On Tue, 2014-06-10 at 12:02 -0400, Simo Sorce wrote:
On Mon, 2014-06-09 at 21:49 -0400, Nathaniel McCallum wrote:
On Mon, 2014-06-09 at 20:58 -0400, Simo Sorce wrote:
On Mon, 2014-06-09 at 17:53 -0400, Nathaniel
On Wed, 2014-06-11 at 17:03 -0400, Rob Crittenden wrote:
Simo Sorce wrote:
On Tue, 2014-06-10 at 14:27 -0400, Nathaniel McCallum wrote:
On Tue, 2014-06-10 at 12:02 -0400, Simo Sorce wrote:
On Mon, 2014-06-09 at 21:49 -0400, Nathaniel McCallum wrote:
On Mon, 2014-06-09 at 20:58 -0400, Simo
On Tue, 2014-06-10 at 12:02 -0400, Simo Sorce wrote:
On Mon, 2014-06-09 at 21:49 -0400, Nathaniel McCallum wrote:
On Mon, 2014-06-09 at 20:58 -0400, Simo Sorce wrote:
On Mon, 2014-06-09 at 17:53 -0400, Nathaniel McCallum wrote:
On Mon, 2014-06-09 at 15:02 -0400, Simo Sorce wrote:
On
On Tue, 2014-06-10 at 14:27 -0400, Nathaniel McCallum wrote:
On Tue, 2014-06-10 at 12:02 -0400, Simo Sorce wrote:
On Mon, 2014-06-09 at 21:49 -0400, Nathaniel McCallum wrote:
On Mon, 2014-06-09 at 20:58 -0400, Simo Sorce wrote:
On Mon, 2014-06-09 at 17:53 -0400, Nathaniel McCallum wrote:
On Tue, 2014-06-10 at 16:24 -0400, Nathaniel McCallum wrote:
On Tue, 2014-06-10 at 14:27 -0400, Nathaniel McCallum wrote:
On Tue, 2014-06-10 at 12:02 -0400, Simo Sorce wrote:
On Mon, 2014-06-09 at 21:49 -0400, Nathaniel McCallum wrote:
On Mon, 2014-06-09 at 20:58 -0400, Simo Sorce wrote:
Simo Sorce wrote:
This patch set is an initial implementation of ticket #3859
It seem to be working fine in my initial testing but I have not yet
tested all cases.
However I wonted to throw it on the list to get some initial feedback
about the choices I made wrt access control and
On Mon, 2014-06-09 at 15:02 -0400, Simo Sorce wrote:
On Mon, 2014-06-09 at 13:39 -0400, Rob Crittenden wrote:
Simo Sorce wrote:
This patch set is an initial implementation of ticket #3859
It seem to be working fine in my initial testing but I have not yet
tested all cases.
On Mon, 2014-06-09 at 17:53 -0400, Nathaniel McCallum wrote:
On Mon, 2014-06-09 at 15:02 -0400, Simo Sorce wrote:
On Mon, 2014-06-09 at 13:39 -0400, Rob Crittenden wrote:
Simo Sorce wrote:
This patch set is an initial implementation of ticket #3859
It seem to be working fine in
On Mon, 2014-06-09 at 20:58 -0400, Simo Sorce wrote:
On Mon, 2014-06-09 at 17:53 -0400, Nathaniel McCallum wrote:
On Mon, 2014-06-09 at 15:02 -0400, Simo Sorce wrote:
On Mon, 2014-06-09 at 13:39 -0400, Rob Crittenden wrote:
Simo Sorce wrote:
This patch set is an initial
On Thu, 2014-05-29 at 18:57 +0200, Petr Spacek wrote:
On 29.5.2014 18:40, Nathaniel McCallum wrote:
On Mon, 2013-09-23 at 08:12 -0400, Simo Sorce wrote:
On Mon, 2013-09-23 at 09:00 +0200, Petr Spacek wrote:
On 20.9.2013 21:35, Simo Sorce wrote:
This patch set is an initial implementation
On 20.9.2013 21:35, Simo Sorce wrote:
This patch set is an initial implementation of ticket #3859
It seem to be working fine in my initial testing but I have not yet
tested all cases.
However I wonted to throw it on the list to get some initial feedback
about the choices I made wrt access
On Mon, 2013-09-23 at 09:00 +0200, Petr Spacek wrote:
On 20.9.2013 21:35, Simo Sorce wrote:
This patch set is an initial implementation of ticket #3859
It seem to be working fine in my initial testing but I have not yet
tested all cases.
However I wonted to throw it on the list to get
25 matches
Mail list logo