Use exop instead of kadmin.local

author: Sumit Bose <sbose@redhat.com> 2012-03-13 14:06:02 +0100
committer: Martin Kosek <mkosek@redhat.com> 2012-06-11 09:40:59 +0200
commit: b367c9ee7e2c7412473bae469f5ac67c0c8f1205 (patch)
tree: 86fc8b752e18cff4156bae90e075df99e0ef7b7d /install
parent: 6f1baf8b16e5c74ec1d2a8d9ebbf41c979e2f2d5 (diff)
download: freeipa-b367c9ee7e2c7412473bae469f5ac67c0c8f1205.tar.gz
freeipa-b367c9ee7e2c7412473bae469f5ac67c0c8f1205.tar.xz
freeipa-b367c9ee7e2c7412473bae469f5ac67c0c8f1205.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/install/updates/60-trusts.update b/install/updates/60-trusts.update
index cfd1ad7e5..82d78315d 100644
--- a/install/updates/60-trusts.update
+++ b/install/updates/60-trusts.update
@@ -54,7 +54,7 @@ default: cn: trusts
 # 1. cn=adtrust agents,cn=sysaccounts,cn=etc,$SUFFIX can manage trusts, to allow modification via CIFS
 # 2. cn=trust admins,cn=groups,cn=accounts,$SUFFIX can manage trusts (via ipa tools)
 dn: cn=trusts,$SUFFIX
-add:aci: '(target = "ldap:///cn=trusts,$SUFFIX")(targetattr = "ipaNTTrustType || ipaNTTrustAttributes || ipaNTTrustDirection || ipaNTTrustPartner || ipaNTFlatName || ipaNTTrustAuthOutgoing || ipaNTTrustAuthIncoming || ipaNTSecurityIdentifier || ipaNTTrustForestTrustInfo || ipaNTTrustPosixOffset || ipaNTSupportedEncryptionTypes")(version 3.0;acl "Allow trust system user to create and delete trust accounts"; allow (read,write,add,delete) groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,$SUFFIX";)'
+add:aci: '(target = "ldap:///cn=trusts,$SUFFIX")(targetattr = "ipaNTTrustType || ipaNTTrustAttributes || ipaNTTrustDirection || ipaNTTrustPartner || ipaNTFlatName || ipaNTTrustAuthOutgoing || ipaNTTrustAuthIncoming || ipaNTSecurityIdentifier || ipaNTTrustForestTrustInfo || ipaNTTrustPosixOffset || ipaNTSupportedEncryptionTypes || krbPrincipalName || krbLastPwdChange || krbTicketFlags || krbLoginFailedCount || krbExtraData || krbPrincipalKey")(version 3.0;acl "Allow trust system user to create and delete trust accounts and cross realm principals"; allow (read,write,add,delete) groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,$SUFFIX";)'
 add:aci: '(target = "ldap:///cn=trusts,$SUFFIX")(targetattr = "ipaNTTrustType || ipaNTTrustAttributes || ipaNTTrustDirection || ipaNTTrustPartner || ipaNTFlatName || ipaNTTrustAuthOutgoing || ipaNTTrustAuthIncoming || ipaNTSecurityIdentifier || ipaNTTrustForestTrustInfo || ipaNTTrustPosixOffset || ipaNTSupportedEncryptionTypes")(version 3.0;acl "Allow trust admins manage trust accounts"; allow (read,write,add,delete) groupdn="ldap:///cn=trust admins,cn=groups,cn=accounts,$SUFFIX";)'
 
 # Samba user should be able to read NT passwords to authenticate
author	Sumit Bose <sbose@redhat.com>	2012-03-13 14:06:02 +0100
committer	Martin Kosek <mkosek@redhat.com>	2012-06-11 09:40:59 +0200
commit	b367c9ee7e2c7412473bae469f5ac67c0c8f1205 (patch)
tree	86fc8b752e18cff4156bae90e075df99e0ef7b7d /install
parent	6f1baf8b16e5c74ec1d2a8d9ebbf41c979e2f2d5 (diff)
download	freeipa-b367c9ee7e2c7412473bae469f5ac67c0c8f1205.tar.gz freeipa-b367c9ee7e2c7412473bae469f5ac67c0c8f1205.tar.xz freeipa-b367c9ee7e2c7412473bae469f5ac67c0c8f1205.zip