From be7de56e5d403fb97bcb583f6b7b5dd7e3fb914c Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Mon, 22 Aug 2011 16:24:07 -0400 Subject: Change the way has_keytab is determined, also check for password. We need an indicator to see if a keytab has been set on host and service entries. We also need a way to know if a one-time password is set on a host. This adds an ACI that grants search on userPassword and krbPrincipalKey so we can do an existence search on them. This way we can tell if the attribute is set and create a fake attribute accordingly. When a userPassword is set on a host a keytab is generated against that password so we always set has_keytab to False if a password exists. This is fine because when keytab gets generated for the host the password is removed (hence one-time). This adds has_keytab/has_password to the user, host and service plugins. ticket https://fedorahosted.org/freeipa/ticket/1538 --- tests/test_xmlrpc/test_krbtpolicy.py | 2 ++ 1 file changed, 2 insertions(+) (limited to 'tests/test_xmlrpc/test_krbtpolicy.py') diff --git a/tests/test_xmlrpc/test_krbtpolicy.py b/tests/test_xmlrpc/test_krbtpolicy.py index 3db743d51..3ef603b3a 100644 --- a/tests/test_xmlrpc/test_krbtpolicy.py +++ b/tests/test_xmlrpc/test_krbtpolicy.py @@ -116,6 +116,8 @@ class test_krbtpolicy(Declarative): [DN(('cn',user1),('cn','groups'),('cn','accounts'), api.env.basedn)], memberof_group=[u'ipausers'], + has_keytab=False, + has_password=False, dn=lambda x: DN(x) == \ DN(('uid',user1),('cn','users'),('cn','accounts'), api.env.basedn) -- cgit