Re: [Freeipa-devel] [PATCH] 0529 Add managed read permission to trusts

2014-04-28 Thread Alexander Bokovoy
On Fri, 25 Apr 2014, Petr Viktorin wrote: On 04/23/2014 02:46 PM, Martin Kosek wrote: On 04/22/2014 01:38 PM, Petr Viktorin wrote: On 04/16/2014 05:56 PM, Simo Sorce wrote: On Wed, 2014-04-16 at 18:34 +0300, Alexander Bokovoy wrote: On Wed, 16 Apr 2014, Martin Kosek wrote: In general I am

Re: [Freeipa-devel] [PATCH] 0529 Add managed read permission to trusts

2014-04-28 Thread Martin Kosek
On 04/28/2014 10:02 AM, Alexander Bokovoy wrote: On Fri, 25 Apr 2014, Petr Viktorin wrote: On 04/23/2014 02:46 PM, Martin Kosek wrote: On 04/22/2014 01:38 PM, Petr Viktorin wrote: On 04/16/2014 05:56 PM, Simo Sorce wrote: On Wed, 2014-04-16 at 18:34 +0300, Alexander Bokovoy wrote: On Wed, 16

Re: [Freeipa-devel] [PATCH] 0529 Add managed read permission to trusts

2014-04-28 Thread Alexander Bokovoy
On Mon, 28 Apr 2014, Martin Kosek wrote: On 04/28/2014 10:02 AM, Alexander Bokovoy wrote: On Fri, 25 Apr 2014, Petr Viktorin wrote: On 04/23/2014 02:46 PM, Martin Kosek wrote: On 04/22/2014 01:38 PM, Petr Viktorin wrote: On 04/16/2014 05:56 PM, Simo Sorce wrote: On Wed, 2014-04-16 at 18:34

Re: [Freeipa-devel] [PATCH] 0529 Add managed read permission to trusts

2014-04-25 Thread Petr Viktorin
On 04/23/2014 02:46 PM, Martin Kosek wrote: On 04/22/2014 01:38 PM, Petr Viktorin wrote: On 04/16/2014 05:56 PM, Simo Sorce wrote: On Wed, 2014-04-16 at 18:34 +0300, Alexander Bokovoy wrote: On Wed, 16 Apr 2014, Martin Kosek wrote: In general I am not sure all authenticated users need access

Re: [Freeipa-devel] [PATCH] 0529 Add managed read permission to trusts

2014-04-23 Thread Martin Kosek
On 04/22/2014 01:38 PM, Petr Viktorin wrote: On 04/16/2014 05:56 PM, Simo Sorce wrote: On Wed, 2014-04-16 at 18:34 +0300, Alexander Bokovoy wrote: On Wed, 16 Apr 2014, Martin Kosek wrote: In general I am not sure all authenticated users need access to all this info. Alexander? SSSD needs

Re: [Freeipa-devel] [PATCH] 0529 Add managed read permission to trusts

2014-04-22 Thread Petr Viktorin
On 04/16/2014 05:56 PM, Simo Sorce wrote: On Wed, 2014-04-16 at 18:34 +0300, Alexander Bokovoy wrote: On Wed, 16 Apr 2014, Martin Kosek wrote: In general I am not sure all authenticated users need access to all this info. Alexander? SSSD needs to read some of this information for subdomains

Re: [Freeipa-devel] [PATCH] 0529 Add managed read permission to trusts

2014-04-17 Thread Martin Kosek
On 04/16/2014 06:56 PM, Sumit Bose wrote: On Wed, Apr 16, 2014 at 04:59:55PM +0300, Alexander Bokovoy wrote: On Wed, 16 Apr 2014, Simo Sorce wrote: ... Can you please list exactly which ones are needed? ... - objectclass ipaIDRange - cn - ipaBaseID - ipaIDRangeSize -

Re: [Freeipa-devel] [PATCH] 0529 Add managed read permission to trusts

2014-04-16 Thread Simo Sorce
On Wed, 2014-04-16 at 14:55 +0200, Petr Viktorin wrote: Similarly to automount, a single permission is added for reading all the trust objects. Read access is given to all authenticated users. NACK!! See inline From a499784cbea2f1282a07629a94e67e14c14a35d0 Mon Sep 17 00:00:00 2001 From:

Re: [Freeipa-devel] [PATCH] 0529 Add managed read permission to trusts

2014-04-16 Thread Alexander Bokovoy
On Wed, 16 Apr 2014, Simo Sorce wrote: +'ipanttrusteddomainsid', 'ipanttrustforesttrustinfo', +'ipanttrustposixoffset', 'ipantsupportedencryptiontypes', +'ipantsidblacklistincoming', 'ipantsidblacklistoutgoing', +# ipaNTDomainAttrs:
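
Review bot: the single attribute list starting at 'ipanttrusteddomainsid' is too broad for a permission that, per the patch description, gives read access to all authenticated users. It places 'ipanttrustforesttrustinfo', 'ipantsidblacklistincoming' and 'ipantsidblacklistoutgoing' in the same grant as the attributes a client has to look up. Suggest splitting the list: keep only the attributes that clients such as SSSD need in the default permission, move the remaining ones to a separate permission bound to the principals that require them, and document next to each group which consumer needs it.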

Re: [Freeipa-devel] [PATCH] 0529 Add managed read permission to trusts

2014-04-16 Thread Simo Sorce
On Wed, 2014-04-16 at 16:15 +0300, Alexander Bokovoy wrote: On Wed, 16 Apr 2014, Simo Sorce wrote: +'ipanttrusteddomainsid', 'ipanttrustforesttrustinfo', +'ipanttrustposixoffset', 'ipantsupportedencryptiontypes', +

Re: [Freeipa-devel] [PATCH] 0529 Add managed read permission to trusts

2014-04-16 Thread Alexander Bokovoy
On Wed, 16 Apr 2014, Simo Sorce wrote: On Wed, 2014-04-16 at 16:15 +0300, Alexander Bokovoy wrote: On Wed, 16 Apr 2014, Simo Sorce wrote: +'ipanttrusteddomainsid', 'ipanttrustforesttrustinfo', +'ipanttrustposixoffset', 'ipantsupportedencryptiontypes', +

Re: [Freeipa-devel] [PATCH] 0529 Add managed read permission to trusts

2014-04-16 Thread Martin Kosek
On 04/16/2014 03:59 PM, Alexander Bokovoy wrote: On Wed, 16 Apr 2014, Simo Sorce wrote: On Wed, 2014-04-16 at 16:15 +0300, Alexander Bokovoy wrote: On Wed, 16 Apr 2014, Simo Sorce wrote: +'ipanttrusteddomainsid', 'ipanttrustforesttrustinfo', +

Re: [Freeipa-devel] [PATCH] 0529 Add managed read permission to trusts

2014-04-16 Thread Alexander Bokovoy
On Wed, 16 Apr 2014, Martin Kosek wrote: On 04/16/2014 03:59 PM, Alexander Bokovoy wrote: On Wed, 16 Apr 2014, Simo Sorce wrote: On Wed, 2014-04-16 at 16:15 +0300, Alexander Bokovoy wrote: On Wed, 16 Apr 2014, Simo Sorce wrote: +'ipanttrusteddomainsid',

Re: [Freeipa-devel] [PATCH] 0529 Add managed read permission to trusts

2014-04-16 Thread Martin Kosek
On 04/16/2014 05:10 PM, Alexander Bokovoy wrote: On Wed, 16 Apr 2014, Martin Kosek wrote: On 04/16/2014 03:59 PM, Alexander Bokovoy wrote: On Wed, 16 Apr 2014, Simo Sorce wrote: On Wed, 2014-04-16 at 16:15 +0300, Alexander Bokovoy wrote: On Wed, 16 Apr 2014, Simo Sorce wrote: +

Re: [Freeipa-devel] [PATCH] 0529 Add managed read permission to trusts

2014-04-16 Thread Alexander Bokovoy
On Wed, 16 Apr 2014, Martin Kosek wrote: On 04/16/2014 05:10 PM, Alexander Bokovoy wrote: On Wed, 16 Apr 2014, Martin Kosek wrote: On 04/16/2014 03:59 PM, Alexander Bokovoy wrote: On Wed, 16 Apr 2014, Simo Sorce wrote: On Wed, 2014-04-16 at 16:15 +0300, Alexander Bokovoy wrote: On Wed, 16

Re: [Freeipa-devel] [PATCH] 0529 Add managed read permission to trusts

2014-04-16 Thread Martin Kosek
On 04/16/2014 05:22 PM, Alexander Bokovoy wrote: On Wed, 16 Apr 2014, Martin Kosek wrote: On 04/16/2014 05:10 PM, Alexander Bokovoy wrote: On Wed, 16 Apr 2014, Martin Kosek wrote: On 04/16/2014 03:59 PM, Alexander Bokovoy wrote: On Wed, 16 Apr 2014, Simo Sorce wrote: On Wed, 2014-04-16 at

Re: [Freeipa-devel] [PATCH] 0529 Add managed read permission to trusts

2014-04-16 Thread Alexander Bokovoy
On Wed, 16 Apr 2014, Martin Kosek wrote: In general I am not sure all authenticated users need access to all this info. Alexander? SSSD needs to read some of this information for subdomains support. That would be at least host/*@REALM who needs to access it. Can you please list exactly which

Re: [Freeipa-devel] [PATCH] 0529 Add managed read permission to trusts

2014-04-16 Thread Simo Sorce
On Wed, 2014-04-16 at 18:34 +0300, Alexander Bokovoy wrote: On Wed, 16 Apr 2014, Martin Kosek wrote: In general I am not sure all authenticated users need access to all this info. Alexander? SSSD needs to read some of this information for subdomains support. That would be at least

Re: [Freeipa-devel] [PATCH] 0529 Add managed read permission to trusts

2014-04-16 Thread Sumit Bose
On Wed, Apr 16, 2014 at 04:59:55PM +0300, Alexander Bokovoy wrote: On Wed, 16 Apr 2014, Simo Sorce wrote: On Wed, 2014-04-16 at 16:15 +0300, Alexander Bokovoy wrote: On Wed, 16 Apr 2014, Simo Sorce wrote: +'ipanttrusteddomainsid', 'ipanttrustforesttrustinfo', +