On 09/09/2013 06:31 PM, Simo Sorce wrote:
On Mon, 2013-09-09 at 16:40 +0200, Petr Viktorin wrote:
On 09/09/2013 03:46 PM, Simo Sorce wrote:
[...]
How do you handle a case where we add 'read-only by admin' for an
attribute that was not in the default ACI list at all previously, but
the admin
On 09/07/2013 04:45 PM, Simo Sorce wrote:
Sorry to come late to this thread.
I think I like some of Petr plan, but not all of it.
On Fri, 2013-09-06 at 08:46 -0400, Rob Crittenden wrote:
[...]
I'm not sure I follow, what are you trying to achieve here? The more ACIs the
slower the
On Mon, 2013-09-09 at 13:00 +0200, Petr Viktorin wrote:
On 09/07/2013 04:45 PM, Simo Sorce wrote:
Sorry to come late to this thread.
I think I like some of Petr plan, but not all of it.
On Fri, 2013-09-06 at 08:46 -0400, Rob Crittenden wrote:
[...]
I'm not sure I follow, what are you
Petr Viktorin wrote:
On 09/09/2013 03:46 PM, Simo Sorce wrote:
On Mon, 2013-09-09 at 13:00 +0200, Petr Viktorin wrote:
On 09/07/2013 04:45 PM, Simo Sorce wrote:
Sorry to come late to this thread.
I think I like some of Petr plan, but not all of it.
[...]
It could get ugly real fast, and
On 09/09/2013 03:46 PM, Simo Sorce wrote:
On Mon, 2013-09-09 at 13:00 +0200, Petr Viktorin wrote:
On 09/07/2013 04:45 PM, Simo Sorce wrote:
Sorry to come late to this thread.
I think I like some of Petr plan, but not all of it.
[...]
It could get ugly real fast, and potentially cause a lot
On 09/09/2013 04:44 PM, Rob Crittenden wrote:
Petr Viktorin wrote:
[...]
There needs to be some mechanism for us for force-replace existing ACIs
in the case of a security issue.
Under my proposal, we can just remove the offending attribute from the
default list, and trust that the admin
On Mon, 2013-09-09 at 16:40 +0200, Petr Viktorin wrote:
On 09/09/2013 03:46 PM, Simo Sorce wrote:
On Mon, 2013-09-09 at 13:00 +0200, Petr Viktorin wrote:
On 09/07/2013 04:45 PM, Simo Sorce wrote:
Sorry to come late to this thread.
I think I like some of Petr plan, but not all of it.
Sorry to come late to this thread.
I think I like some of Petr plan, but not all of it.
On Fri, 2013-09-06 at 08:46 -0400, Rob Crittenden wrote:
Martin Kosek wrote:
On 09/05/2013 07:48 PM, Rob Crittenden wrote:
Petr Viktorin wrote:
Hello,
I have some notes and questions on
On 5.9.2013 19:48, Rob Crittenden wrote:
Petr Viktorin wrote:
# External users system accounts
I'm not sure how to handle external users here, since they're not added
to any group. Either we'll need a special ACI for them, or somehow make
it possible to add non-group sets of users to Roles.
On 09/05/2013 07:48 PM, Rob Crittenden wrote:
Petr Viktorin wrote:
Hello,
I have some notes and questions on
https://fedorahosted.org/freeipa/ticket/3566 (Control access of user
roles to server functions).
An IPA terminology refresher for reference:
- ACI: The DS-level permission.
-
On 09/06/2013 09:26 AM, Martin Kosek wrote:
On 09/05/2013 07:48 PM, Rob Crittenden wrote:
Petr Viktorin wrote:
Hello,
I have some notes and questions on
https://fedorahosted.org/freeipa/ticket/3566 (Control access of user
roles to server functions).
[...]
# Permission structure
I think it
Martin Kosek wrote:
On 09/05/2013 07:48 PM, Rob Crittenden wrote:
Petr Viktorin wrote:
Hello,
I have some notes and questions on
https://fedorahosted.org/freeipa/ticket/3566 (Control access of user
roles to server functions).
An IPA terminology refresher for reference:
- ACI: The DS-level
On 09/06/2013 02:46 PM, Rob Crittenden wrote:
Martin Kosek wrote:
On 09/05/2013 07:48 PM, Rob Crittenden wrote:
Petr Viktorin wrote:
Hello,
I have some notes and questions on
https://fedorahosted.org/freeipa/ticket/3566 (Control access of user
roles to server functions).
[...]
Right, I just
Petr Viktorin wrote:
On 09/06/2013 02:46 PM, Rob Crittenden wrote:
Martin Kosek wrote:
On 09/05/2013 07:48 PM, Rob Crittenden wrote:
Petr Viktorin wrote:
Hello,
I have some notes and questions on
https://fedorahosted.org/freeipa/ticket/3566 (Control access of user
roles to server functions).
Petr Viktorin wrote:
On 09/06/2013 03:59 PM, Rob Crittenden wrote:
Petr Viktorin wrote:
On 09/06/2013 02:46 PM, Rob Crittenden wrote:
Martin Kosek wrote:
On 09/05/2013 07:48 PM, Rob Crittenden wrote:
Petr Viktorin wrote:
Hello,
I have some notes and questions on
On 09/06/2013 03:59 PM, Rob Crittenden wrote:
Petr Viktorin wrote:
On 09/06/2013 02:46 PM, Rob Crittenden wrote:
Martin Kosek wrote:
On 09/05/2013 07:48 PM, Rob Crittenden wrote:
Petr Viktorin wrote:
Hello,
I have some notes and questions on
https://fedorahosted.org/freeipa/ticket/3566
On 09/06/2013 10:11 AM, Petr Viktorin wrote:
On 09/06/2013 03:59 PM, Rob Crittenden wrote:
Petr Viktorin wrote:
On 09/06/2013 02:46 PM, Rob Crittenden wrote:
Martin Kosek wrote:
On 09/05/2013 07:48 PM, Rob Crittenden wrote:
Petr Viktorin wrote:
Hello,
I have some notes and questions on
On 09/06/2013 04:41 PM, Rob Crittenden wrote:
Petr Viktorin wrote:
On 09/06/2013 03:59 PM, Rob Crittenden wrote:
Petr Viktorin wrote:
On 09/06/2013 02:46 PM, Rob Crittenden wrote:
Martin Kosek wrote:
On 09/05/2013 07:48 PM, Rob Crittenden wrote:
Petr Viktorin wrote:
[...]
# P.S.
I
Hello,
I have some notes and questions on
https://fedorahosted.org/freeipa/ticket/3566 (Control access of user
roles to server functions).
An IPA terminology refresher for reference:
- ACI: The DS-level permission.
- Permission: IPA object that encapsulates one ACI. Example: add user.
19 matches
Mail list logo