[Freeipa-devel] [PATCHES] 0521-0522 - Add managed read permissions to krbtpolicy & Allow anonymous read access to Kerberos realm container name
Simo Sorce
ssorce at redhat.com
Mon Apr 14 17:18:18 UTC 2014
On Mon, 2014-04-14 at 18:54 +0200, Petr Viktorin wrote:
> Hello,
>
> The first patch adds default read permissions to krbtpolicy. Since the
> plugin manages entries in two trees, there are two permissions. Since
> two permissions are needed to cover krbtpolicy, it can't be used as a
> permission's --type.
> The permissions are added to a new privilege, 'Kerberos Ticket Policy
> Readers'.
>
> The second patch adds an ACI for reading the Kerberos realm name. Since
> client enrollment won't work without this, I don't see a reason for
> having it managed by a permission.
>
LGTM
Simo.
More information about the Freeipa-devel
mailing list