[Freeipa-devel] [PATCHES] 0521-0522 - Add managed read permissions to krbtpolicy & Allow anonymous read access to Kerberos realm container name

Simo Sorce ssorce at redhat.com
Mon Apr 14 17:18:18 UTC 2014


On Mon, 2014-04-14 at 18:54 +0200, Petr Viktorin wrote:
> Hello,
> 
> The first patch adds default read permissions to krbtpolicy. Since the 
> plugin manages entries in two trees, there are two permissions. Since 
> two permissions are needed to cover krbtpolicy, it can't be used as a 
> permission's --type.
> The permissions are added to a new privilege, 'Kerberos Ticket Policy 
> Readers'.
> 
> The second patch adds an ACI for reading the Kerberos realm name. Since 
> client enrollment won't work without this, I don't see a reason for 
> having it managed by a permission.
> 

LGTM

Simo.



