[Freeipa-devel] [PATCH] 278 Remove ipaNTHash from global allow ACI
Martin Kosek
mkosek at redhat.com
Tue Jun 26 19:30:22 UTC 2012
On Tue, 2012-06-26 at 14:48 -0400, Rob Crittenden wrote:
> Martin Kosek wrote:
> > ipaNTHash contains security sensitive information, it should be hidden just
> > like other password attributes. As a part of preparation for ticket #2511,
> > the ACI allowing global access is also updated to hide DNS zones.
> >
> > https://fedorahosted.org/freeipa/ticket/2856
>
> There is a comment referencing the DNS work. Fix that and ACK.
>
> rob
As agreed with Rob on IRC, this comment was left there on purpose so
that it is obvious why I also added the (target != ...) part to the
global allow ACI.
Pushed to master as-is.
Martin
More information about the Freeipa-devel
mailing list