summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMartin Kosek <mkosek@redhat.com>2014-06-27 16:14:56 +0200
committerPetr Viktorin <pviktori@redhat.com>2014-06-30 14:59:27 +0200
commit50c30c8401c21d43414404bd5caa157196449e4c (patch)
treedf58bbba09d1a6eb732dafe6383e9890477dd324
parentffab09a7ef7a16b220e657e24813c90ba1a13523 (diff)
downloadfreeipa-50c30c8401c21d43414404bd5caa157196449e4c.tar.gz
freeipa-50c30c8401c21d43414404bd5caa157196449e4c.tar.xz
freeipa-50c30c8401c21d43414404bd5caa157196449e4c.zip
Let Host Administrators use host-disable command
Host Administrators could not write to service keytab attribute and thus they could not run the host-disable command. https://fedorahosted.org/freeipa/ticket/4284 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
-rw-r--r--ipalib/plugins/service.py2
1 files changed, 1 insertions, 1 deletions
diff --git a/ipalib/plugins/service.py b/ipalib/plugins/service.py
index 8d6a14711..9f3791aab 100644
--- a/ipalib/plugins/service.py
+++ b/ipalib/plugins/service.py
@@ -343,7 +343,7 @@ class service(LDAPObject):
'replaces': [
'(targetattr = "krbprincipalkey || krblastpwdchange")(target = "ldap:///krbprincipalname=*,cn=services,cn=accounts,$SUFFIX")(version 3.0;acl "permission:Manage service keytab";allow (write) groupdn = "ldap:///cn=Manage service keytab,cn=permissions,cn=pbac,$SUFFIX";)',
],
- 'default_privileges': {'Service Administrators'},
+ 'default_privileges': {'Service Administrators', 'Host Administrators'},
},
'System: Modify Services': {
'ipapermright': {'write'},