[Freeipa-devel] [PATCH] 320 Only use service PAC type as an override
Rob Crittenden
rcritten at redhat.com
Tue Oct 2 20:31:39 UTC 2012
Martin Kosek wrote:
> PAC type (ipakrbauthzdata attribute) was being filled for all new
> service automatically. However, the PAC type attribute was designed
> to serve only as an override to default PAC type configured in
> IPA config. With PAC type set in all services, users would have
> to update all services to get new PAC types configured in IPA config.
>
> Do not set PAC type for new services. Add new NONE value meaning that
> we do not want any PAC for the service (empty/missing attribute means
> that the default PAC type list from IPA config is read).
>
> https://fedorahosted.org/freeipa/ticket/2184
>
> ---
>
> Note: the new NONE value of service PAC type was planned in a scope of ticket
> #2960.
ACK, but before you push can you add the jist of this commit message to
the help for PAC type in the service command help so users will
understand the difference between NONE and blank?
rob
More information about the Freeipa-devel
mailing list