Re: [Freeipa-devel] [PATCH] 761 keytab manipulation permission management

Dne 16.10.2014 v 20:28 Martin Kosek napsal(a): On 10/16/2014 07:03 PM, Petr Vobornik wrote: On 16.10.2014 11:53, Jan Cholasta wrote: Dne 16.10.2014 v 11:24 Petr Vobornik napsal(a): On 16.10.2014 09:54, Jan Cholasta wrote: Dne 13.10.2014 v 12:42 Petr Vobornik napsal(a): On 8.10.2014 18:51,

Re: [Freeipa-devel] [PATCH] 761 keytab manipulation permission management

On 17.10.2014 11:06, Jan Cholasta wrote: Dne 16.10.2014 v 20:28 Martin Kosek napsal(a): On 10/16/2014 07:03 PM, Petr Vobornik wrote: On 16.10.2014 11:53, Jan Cholasta wrote: Dne 16.10.2014 v 11:24 Petr Vobornik napsal(a): On 16.10.2014 09:54, Jan Cholasta wrote: Dne 13.10.2014 v 12:42 Petr

Re: [Freeipa-devel] [PATCH] 761 keytab manipulation permission management

Dne 17.10.2014 v 13:48 Petr Vobornik napsal(a): On 17.10.2014 11:06, Jan Cholasta wrote: Dne 16.10.2014 v 20:28 Martin Kosek napsal(a): On 10/16/2014 07:03 PM, Petr Vobornik wrote: On 16.10.2014 11:53, Jan Cholasta wrote: Dne 16.10.2014 v 11:24 Petr Vobornik napsal(a): On 16.10.2014 09:54,

Re: [Freeipa-devel] [PATCH] 761 keytab manipulation permission management

On 17.10.2014 13:52, Jan Cholasta wrote: Thanks, ACK. rebased due to version change and pushed to: master: * 59ee6314afc7f0f7735ab1349caa970f0f00d78a keytab manipulation permission management * b69a8dad2ebd98516d36b1470fa27c0819b8a985 tests: management of keytab permissions ipa-4-1: *

Re: [Freeipa-devel] [PATCH] 761 keytab manipulation permission management

Dne 13.10.2014 v 12:42 Petr Vobornik napsal(a): On 8.10.2014 18:51, Petr Vobornik wrote: On 1.10.2014 18:15, Petr Vobornik wrote: Hello list, Patch for: https://fedorahosted.org/freeipa/ticket/4419 New revisions of 761 and 763 with updated API and ACIs: ipa host-allow-operation HOSTNAME

Re: [Freeipa-devel] [PATCH] 761 keytab manipulation permission management

On 16.10.2014 09:54, Jan Cholasta wrote: Dne 13.10.2014 v 12:42 Petr Vobornik napsal(a): On 8.10.2014 18:51, Petr Vobornik wrote: On 1.10.2014 18:15, Petr Vobornik wrote: Hello list, Patch for: https://fedorahosted.org/freeipa/ticket/4419 New revisions of 761 and 763 with updated API and

Re: [Freeipa-devel] [PATCH] 761 keytab manipulation permission management

Dne 16.10.2014 v 11:24 Petr Vobornik napsal(a): On 16.10.2014 09:54, Jan Cholasta wrote: Dne 13.10.2014 v 12:42 Petr Vobornik napsal(a): On 8.10.2014 18:51, Petr Vobornik wrote: On 1.10.2014 18:15, Petr Vobornik wrote: Hello list, Patch for: https://fedorahosted.org/freeipa/ticket/4419

Re: [Freeipa-devel] [PATCH] 761 keytab manipulation permission management

On 16.10.2014 11:53, Jan Cholasta wrote: Dne 16.10.2014 v 11:24 Petr Vobornik napsal(a): On 16.10.2014 09:54, Jan Cholasta wrote: Dne 13.10.2014 v 12:42 Petr Vobornik napsal(a): On 8.10.2014 18:51, Petr Vobornik wrote: On 1.10.2014 18:15, Petr Vobornik wrote: Hello list, Patch for:

Re: [Freeipa-devel] [PATCH] 761 keytab manipulation permission management

On 16.10.2014 11:53, Jan Cholasta wrote: Dne 16.10.2014 v 11:24 Petr Vobornik napsal(a): On 16.10.2014 09:54, Jan Cholasta wrote: Dne 13.10.2014 v 12:42 Petr Vobornik napsal(a): On 8.10.2014 18:51, Petr Vobornik wrote: On 1.10.2014 18:15, Petr Vobornik wrote: Hello list, Patch for:

Re: [Freeipa-devel] [PATCH] 761 keytab manipulation permission management

On 10/16/2014 07:03 PM, Petr Vobornik wrote: On 16.10.2014 11:53, Jan Cholasta wrote: Dne 16.10.2014 v 11:24 Petr Vobornik napsal(a): On 16.10.2014 09:54, Jan Cholasta wrote: Dne 13.10.2014 v 12:42 Petr Vobornik napsal(a): On 8.10.2014 18:51, Petr Vobornik wrote: On 1.10.2014 18:15, Petr

Re: [Freeipa-devel] [PATCH] 761 keytab manipulation permission management

On 8.10.2014 18:51, Petr Vobornik wrote: On 1.10.2014 18:15, Petr Vobornik wrote: Hello list, Patch for: https://fedorahosted.org/freeipa/ticket/4419 New revisions of 761 and 763 with updated API and ACIs: ipa host-allow-operation HOSTNAME retrieve-keytab --users=STR --groups STR ipa

Re: [Freeipa-devel] [PATCH] 761 keytab manipulation permission management

On 1.10.2014 18:15, Petr Vobornik wrote: Hello list, Patch for: https://fedorahosted.org/freeipa/ticket/4419 New revisions of 761 and 763 with updated API and ACIs: ipa host-allow-operation HOSTNAME retrieve-keytab --users=STR --groups STR ipa host-disallow-operation HOSTNAME

Re: [Freeipa-devel] [PATCH] 761 keytab manipulation permission management

Dne 3.10.2014 v 17:02 Martin Kosek napsal(a): On 10/03/2014 04:59 PM, Jan Cholasta wrote: Dne 3.10.2014 v 16:47 Petr Vobornik napsal(a): On 3.10.2014 16:24, Martin Kosek wrote: NACK. I will not comment on mechanics, if you get an ACK from Honza, it is good enough. I just do not like the API.

Re: [Freeipa-devel] [PATCH] 761 keytab manipulation permission management

On 10/03/2014 05:03 PM, Petr Vobornik wrote: On 3.10.2014 16:46, Simo Sorce wrote: I did not do any ACI work in the patch yet. I assume that we would like to add the attr into 'System: Read Host|Service' permission. But I think that write right should have it's own permission. I have added

Re: [Freeipa-devel] [PATCH] 761 keytab manipulation permission management

On 10/06/2014 10:33 AM, Jan Cholasta wrote: Dne 3.10.2014 v 17:02 Martin Kosek napsal(a): On 10/03/2014 04:59 PM, Jan Cholasta wrote: Dne 3.10.2014 v 16:47 Petr Vobornik napsal(a): On 3.10.2014 16:24, Martin Kosek wrote: NACK. I will not comment on mechanics, if you get an ACK from Honza, it

Re: [Freeipa-devel] [PATCH] 761 keytab manipulation permission management

On 10/06/2014 01:31 PM, Petr Viktorin wrote: On 10/03/2014 05:02 PM, Martin Kosek wrote: [...] I like these the best. Maybe with a -to or -by suffix. or if we expect more operations in a future: ipa host-allow-operation HOSTNAME --operation read-keys --users=STR --groups STR ipa

Re: [Freeipa-devel] [PATCH] 761 keytab manipulation permission management

On Mon, 06 Oct 2014 12:53:57 +0200 Martin Kosek mko...@redhat.com wrote: On 10/06/2014 10:33 AM, Jan Cholasta wrote: Dne 3.10.2014 v 17:02 Martin Kosek napsal(a): On 10/03/2014 04:59 PM, Jan Cholasta wrote: Dne 3.10.2014 v 16:47 Petr Vobornik napsal(a): On 3.10.2014 16:24, Martin Kosek

Re: [Freeipa-devel] [PATCH] 761 keytab manipulation permission management

On 10/06/2014 03:01 PM, Simo Sorce wrote: On Mon, 06 Oct 2014 12:53:57 +0200 Martin Kosek mko...@redhat.com wrote: On 10/06/2014 10:33 AM, Jan Cholasta wrote: Dne 3.10.2014 v 17:02 Martin Kosek napsal(a): On 10/03/2014 04:59 PM, Jan Cholasta wrote: Dne 3.10.2014 v 16:47 Petr Vobornik

Re: [Freeipa-devel] [PATCH] 761 keytab manipulation permission management

On Mon, 06 Oct 2014 15:49:09 +0200 Martin Kosek mko...@redhat.com wrote: On 10/06/2014 03:01 PM, Simo Sorce wrote: On Mon, 06 Oct 2014 12:53:57 +0200 Martin Kosek mko...@redhat.com wrote: On 10/06/2014 10:33 AM, Jan Cholasta wrote: Dne 3.10.2014 v 17:02 Martin Kosek napsal(a): On

Re: [Freeipa-devel] [PATCH] 761 keytab manipulation permission management

On 6.10.2014 15:49, Martin Kosek wrote: On 10/06/2014 03:01 PM, Simo Sorce wrote: On Mon, 06 Oct 2014 12:53:57 +0200 Martin Kosek mko...@redhat.com wrote: On 10/06/2014 10:33 AM, Jan Cholasta wrote: Dne 3.10.2014 v 17:02 Martin Kosek napsal(a): On 10/03/2014 04:59 PM, Jan Cholasta wrote:

Re: [Freeipa-devel] [PATCH] 761 keytab manipulation permission management

On 10/06/2014 04:15 PM, Petr Vobornik wrote: On 6.10.2014 15:49, Martin Kosek wrote: On 10/06/2014 03:01 PM, Simo Sorce wrote: On Mon, 06 Oct 2014 12:53:57 +0200 Martin Kosek mko...@redhat.com wrote: On 10/06/2014 10:33 AM, Jan Cholasta wrote: Dne 3.10.2014 v 17:02 Martin Kosek napsal(a):

Re: [Freeipa-devel] [PATCH] 761 keytab manipulation permission management

NACK. I will not comment on mechanics, if you get an ACK from Honza, it is good enough. I just do not like the API. It is hard to guess what host-add-retrieve-keytab means. That word does not even make much sense. Can we use something more readable? For example: ipa host-add-allowed-operation

Re: [Freeipa-devel] [PATCH] 761 keytab manipulation permission management

- Original Message - From: Petr Vobornik pvobo...@redhat.com To: freeipa-devel freeipa-devel@redhat.com, jch Jan Cholasta jchol...@redhat.com, simo Sorce s...@redhat.com Sent: Friday, October 3, 2014 10:08:53 AM Subject: Re: [Freeipa-devel] [PATCH] 761 keytab manipulation

Re: [Freeipa-devel] [PATCH] 761 keytab manipulation permission management

On 3.10.2014 16:24, Martin Kosek wrote: NACK. I will not comment on mechanics, if you get an ACK from Honza, it is good enough. I just do not like the API. It is hard to guess what host-add-retrieve-keytab means. That word does not even make much sense. Can we use something more readable? For

Re: [Freeipa-devel] [PATCH] 761 keytab manipulation permission management

On 10/03/2014 04:47 PM, Petr Vobornik wrote: On 3.10.2014 16:24, Martin Kosek wrote: NACK. I will not comment on mechanics, if you get an ACK from Honza, it is good enough. I just do not like the API. It is hard to guess what host-add-retrieve-keytab means. That word does not even make much

Re: [Freeipa-devel] [PATCH] 761 keytab manipulation permission management

Dne 3.10.2014 v 16:47 Petr Vobornik napsal(a): On 3.10.2014 16:24, Martin Kosek wrote: NACK. I will not comment on mechanics, if you get an ACK from Honza, it is good enough. I just do not like the API. It is hard to guess what host-add-retrieve-keytab means. That word does not even make much

Re: [Freeipa-devel] [PATCH] 761 keytab manipulation permission management

On 10/03/2014 04:59 PM, Jan Cholasta wrote: Dne 3.10.2014 v 16:47 Petr Vobornik napsal(a): On 3.10.2014 16:24, Martin Kosek wrote: NACK. I will not comment on mechanics, if you get an ACK from Honza, it is good enough. I just do not like the API. It is hard to guess what

Re: [Freeipa-devel] [PATCH] 761 keytab manipulation permission management

On 3.10.2014 16:46, Simo Sorce wrote: I did not do any ACI work in the patch yet. I assume that we would like to add the attr into 'System: Read Host|Service' permission. But I think that write right should have it's own permission. I have added 2 new permissions. Simo, are they OK? for