Re: [Freeipa-devel] [PATCH] 609 Reduce the number of attributes a host is allowed to write.

2010-11-30 Thread Rob Crittenden
Simo Sorce wrote: I guess so. Ok, removed the duplicate krbMKey and pushed to master rob

Re: [Freeipa-devel] [PATCH] 609 Reduce the number of attributes a host is allowed to write.

2010-11-30 Thread Simo Sorce
On Tue, 30 Nov 2010 10:28:41 -0500 Rob Crittenden wrote: > Simo Sorce wrote: > > On Wed, 17 Nov 2010 15:07:03 -0500 > > Rob Crittenden wrote: > > > >> +aci: (targetattr != "userPassword || krbPrincipalKey || > >> sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || > >> krbPrincip

Re: [Freeipa-devel] [PATCH] 609 Reduce the number of attributes a host is allowed to write.

2010-11-30 Thread Rob Crittenden
Simo Sorce wrote: On Wed, 17 Nov 2010 15:07:03 -0500 Rob Crittenden wrote: +aci: (targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbUPEnabled || krbMKey || krbTicketPolicyReference ||

Re: [Freeipa-devel] [PATCH] 609 Reduce the number of attributes a host is allowed to write.

2010-11-24 Thread Rob Crittenden
Simo Sorce wrote: On Wed, 17 Nov 2010 15:07:03 -0500 Rob Crittenden wrote: +aci: (targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbUPEnabled || krbMKey || krbTicketPolicyReference ||

Re: [Freeipa-devel] [PATCH] 609 Reduce the number of attributes a host is allowed to write.

2010-11-24 Thread Simo Sorce
On Wed, 17 Nov 2010 15:07:03 -0500 Rob Crittenden wrote: > +aci: (targetattr != "userPassword || krbPrincipalKey || > sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || > krbPrincipalName || krbCanonicalName || krbUPEnabled || krbMKey || > krbTicketPolicyReference || krbPrincipal
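
Review bot: krbMKey is listed twice in the targetattr exclusion list on the added aci line, once after passwordHistory and again after krbUPEnabled. The second entry is redundant; drop it so each excluded attribute appears exactly once and the list stays easy to audit as more attributes are added.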

Re: [Freeipa-devel] [PATCH] 609 Reduce the number of attributes a host is allowed to write.

2010-11-24 Thread Rob Crittenden
Simo Sorce wrote: On Wed, 17 Nov 2010 15:07:03 -0500 Rob Crittenden wrote: aci: (targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey")(version 3.0; acl "Enable Anonymous access"; allow (read, search, compare) userdn = "ldap:///an

Re: [Freeipa-devel] [PATCH] 609 Reduce the number of attributes a host is allowed to write.

2010-11-24 Thread Simo Sorce
On Wed, 17 Nov 2010 15:07:03 -0500 Rob Crittenden wrote: > aci: (targetattr != "userPassword || krbPrincipalKey || > sambaLMPassword || sambaNTPassword || passwordHistory || > krbMKey")(version 3.0; acl "Enable Anonymous access"; allow (read, > search, compare) userdn = "ldap:///anyone";;) -aci:

Re: [Freeipa-devel] [PATCH] 609 Reduce the number of attributes a host is allowed to write.

2010-11-17 Thread Rob Crittenden
Rob Crittenden wrote: Jakub Hrozek wrote: On Wed, Nov 10, 2010 at 04:25:18PM -0500, Rob Crittenden wrote: The list of attributes that a host bound as itself could write was overly broad. A host can now only update its description, information about itself such as OS release, etc, its certifica

Re: [Freeipa-devel] [PATCH] 609 Reduce the number of attributes a host is allowed to write.

2010-11-15 Thread Rob Crittenden
Jakub Hrozek wrote: On Wed, Nov 10, 2010 at 04:25:18PM -0500, Rob Crittenden wrote: The list of attributes that a host bound as itself could write was overly broad. A host can now only update its description, information about itself such as OS release, etc, its certificate, password and keytab

Re: [Freeipa-devel] [PATCH] 609 Reduce the number of attributes a host is allowed to write.

2010-11-15 Thread Jakub Hrozek
On Wed, Nov 10, 2010 at 04:25:18PM -0500, Rob Crittenden wrote: > The list of attributes that a host bound as itself could write was > overly broad. > > A host can now only update its description, information about itself > such as OS release, etc, its certificate, password and keytab. > > https:

[Freeipa-devel] [PATCH] 609 Reduce the number of attributes a host is allowed to write.

2010-11-10 Thread Rob Crittenden
The list of attributes that a host bound as itself could write was overly broad. A host can now only update its description, information about itself such as OS release, etc, its certificate, password and keytab. https://fedorahosted.org/freeipa/ticket/416 rob >From 9bb5fbc682bf290b81e5b86efcaf