authorRob Crittenden <rcritten@redhat.com>2009-10-02 09:27:08 -0400
committerJason Gerard DeRose <jderose@redhat.com>2009-10-05 13:27:34 -0600
commit48785a5af1a2dbabd6da4cfaee000d3100260f4d (patch)
treeb93f8fb56e1543fa88c1977490249a63723902eb
parent8de6dc00dc3fc7e7a20ea6fcb6b8817224a974d7 (diff)
Loosen the ACI for the KDC to allow adds/deletes
Password policy entries must be a child of the entry protected by this ACI. Also change the format of the ACI string, because in DS it was stored as \n(target)\n and was therefore base64-encoded when it was retrieved.
-rw-r--r--ipaserver/install/krbinstance.py4
1 files changed, 1 insertions, 3 deletions
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
index a6caa81eb..f45075cf2 100644
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@@ -44,9 +44,7 @@ import pyasn1.codec.ber.encoder
import pyasn1.codec.ber.decoder
import struct
-KRBMKEY_DENY_ACI = """
-(targetattr = "krbMKey")(version 3.0; acl "No external access"; deny (all) userdn != "ldap:///uid=kdc,cn=sysaccounts,cn=etc,$SUFFIX";)
-"""
+KRBMKEY_DENY_ACI = '(targetattr = "krbMKey")(version 3.0; acl "No external access"; deny (read,write,search,compare) userdn != "ldap:///uid=kdc,cn=sysaccounts,cn=etc,$SUFFIX";)'
def update_key_val_in_file(filename, key, val):
if os.path.exists(filename):
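Review bot: The new rights list on `KRBMKEY_DENY_ACI` narrows the deny further than the commit message describes: as far as I know, `all` in 389 DS also covers `selfwrite`, so besides add and delete the rule no longer names that right for anyone other than the kdc account. This is probably harmless for a non-DN attribute such as `krbMKey`, but since this ACI guards the Kerberos master key it should be confirmed as intentional, or the list written as `deny (read,write,search,compare,selfwrite)`. The constant also carries no comment recording why it must stay a single line, so I would add `# Keep on one line with no surrounding newlines, or DS returns the ACI base64-encoded; add/delete are not denied so password policy entries can be created below this entry.` above it. The body of update_key_val_in_file continues outside the hunk.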