diff options
author | Martin Kosek <mkosek@redhat.com> | 2014-06-27 16:14:56 +0200 |
---|---|---|
committer | Petr Viktorin <pviktori@redhat.com> | 2014-06-30 14:59:27 +0200 |
commit | 50c30c8401c21d43414404bd5caa157196449e4c (patch) | |
tree | df58bbba09d1a6eb732dafe6383e9890477dd324 | |
parent | ffab09a7ef7a16b220e657e24813c90ba1a13523 (diff) | |
download | freeipa-50c30c8401c21d43414404bd5caa157196449e4c.tar.gz freeipa-50c30c8401c21d43414404bd5caa157196449e4c.tar.xz freeipa-50c30c8401c21d43414404bd5caa157196449e4c.zip |
Let Host Administrators use host-disable command
Host Administrators could not write to service keytab attribute and
thus they could not run the host-disable command.
https://fedorahosted.org/freeipa/ticket/4284
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
-rw-r--r-- | ipalib/plugins/service.py | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ipalib/plugins/service.py b/ipalib/plugins/service.py index 8d6a14711..9f3791aab 100644 --- a/ipalib/plugins/service.py +++ b/ipalib/plugins/service.py @@ -343,7 +343,7 @@ class service(LDAPObject): 'replaces': [ '(targetattr = "krbprincipalkey || krblastpwdchange")(target = "ldap:///krbprincipalname=*,cn=services,cn=accounts,$SUFFIX")(version 3.0;acl "permission:Manage service keytab";allow (write) groupdn = "ldap:///cn=Manage service keytab,cn=permissions,cn=pbac,$SUFFIX";)', ], - 'default_privileges': {'Service Administrators'}, + 'default_privileges': {'Service Administrators', 'Host Administrators'}, }, 'System: Modify Services': { 'ipapermright': {'write'}, |