On 10/02/2012 10:31 PM, Rob Crittenden wrote:
Martin Kosek wrote:
PAC type (ipakrbauthzdata attribute) was being filled for all new
service automatically. However, the PAC type attribute was designed
to serve only as an override to default PAC type configured in
IPA config. With PAC type set in all services, users would have
to update all services to get new PAC types configured in IPA config.
Do not set PAC type for new services. Add new NONE value meaning that
we do not want any PAC for the service (empty/missing attribute means
that the default PAC type list from IPA config is read).
https://fedorahosted.org/freeipa/ticket/2184
---
Note: the new NONE value of service PAC type was planned in a scope of ticket
#2960.
ACK, but before you push can you add the jist of this commit message to the
help for PAC type in the service command help so users will understand the
difference between NONE and blank?
rob
Good idea. I updated doc of this attribute in service plugin and also doc/label
of a relevant config option to help user distinguish what is a default and what
is an override.
Pushed to master, ipa-3-0.
Martin
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
