author | Nathaniel McCallum <npmccallum@redhat.com> | 2013-04-11 13:24:46 -0400 |
committer | Martin Kosek <mkosek@redhat.com> | 2013-05-17 09:30:51 +0200 |
commit | cb689354357d5311e7ecb231a34e867c23b8a803 (patch) | |
tree | ea1e582e74be91db9abd94d3fdab007cea9a72fd /install/updates/40-otp.update | |
parent | bc26d87b3445b26b5d33235c1dfeedb7a11cdfc8 (diff) | |
download | freeipa-cb689354357d5311e7ecb231a34e867c23b8a803.tar.gz freeipa-cb689354357d5311e7ecb231a34e867c23b8a803.tar.xz freeipa-cb689354357d5311e7ecb231a34e867c23b8a803.zip |
Add IPA OTP schema and ACLs
This commit adds schema support for two factor authentication via
OTP devices, including RADIUS or TOTP. This schema will be used
by future patches which will enable two factor authentication
directly.
https://fedorahosted.org/freeipa/ticket/3365
http://freeipa.org/page/V3/OTP
Diffstat (limited to 'install/updates/40-otp.update')
-rw-r--r-- | install/updates/40-otp.update | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/install/updates/40-otp.update b/install/updates/40-otp.update
new file mode 100644
index 000000000..ff36c87a6
--- /dev/null
+++ b/install/updates/40-otp.update
@@ -0,0 +1,9 @@
+dn: cn=otp,$SUFFIX
+default: objectClass: nsContainer
+default: objectClass: top
+default: cn: otp
+
+dn: $SUFFIX
+add: aci:'(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || ipatokenUniqueID || description || ipatokenOwner || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Users can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN";)'
+add: aci:'(targetfilter = "(objectClass=ipaToken)")(targetattrs = "ipatokenUniqueID || description || ipatokenOwner || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Users can write basic token info"; allow (write) userattr = "ipatokenOwner#USERDN";)'
+add: aci:'(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPkey || ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPclockOffset || ipatokenTOTPtimeStep")(version 3.0; acl "Users can add TOTP token secrets"; allow (write, search) userattr = "ipatokenOwner#USERDN";)' |
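Review bot: The second ACI (`Users can write basic token info`) includes `ipatokenOwner` in its writable targetattrs, so whoever currently owns a token can reassign it to any other DN, and combined with the third ACI's write on `ipatokenOTPkey` that means a user can hand another account a token whose secret the original owner chose. Whether such a token is then honoured for the new owner's authentication depends on the enforcement code this commit says is still to come, but the ACL as written does not prevent it; the safer default is to drop ownership transfer from the self-service set, i.e. `(targetattrs = "ipatokenUniqueID || description || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")`, and leave `ipatokenOwner` to an administrative permission. Separately, the third ACI is named "Users can add TOTP token secrets" but grants only `write, search` on attributes of existing `ipatokenTOTP` entries and no `add` right on the `cn=otp` container, so the name overstates what it allows; a short comment above the `dn: $SUFFIX` stanza saying `# Self-service ACIs for token owners; token creation rights are granted elsewhere` would make the intended scope clear to whoever extends this file.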