freeipa.git/install/updates, branch master Unnamed repository; edit this file 'description' to name the repository. Store list of non-master replicas in DIT and provide way to list them 2011-03-02T14:46:46+00:00 Simo Sorce ssorce@redhat.com 2011-02-28T22:35:44+00:00 54b26270186422607ef52b9b408326744b2d86d1 Fixes: https://fedorahosted.org/freeipa/ticket/1007 
Fixes: https://fedorahosted.org/freeipa/ticket/1007
Use Sudo rather than SUDO as a label. 2011-03-01T21:48:35+00:00 Rob Crittenden rcritten@redhat.com 2011-02-28T16:44:27+00:00 07ba40f33ea4434f11bd3919ad591d3d6acccf6c ticket 1005 
ticket 1005
Add default roles and permissions for HBAC, SUDO and pw policy 2011-02-22T15:02:24+00:00 Rob Crittenden rcritten@redhat.com 2011-02-22T14:21:14+00:00 ac68ea3c6c633206a01db5a0b74b994ab0c29093 Created some default roles as examples. In doing so I realized that we were completely missing default rules for HBAC, SUDO and password policy so I added those as well. I ran into a problem when the updater has a default record and an add at the same time, it should handle it better now. ticket 585 
Created some default roles as examples. In doing so I realized that
we were completely missing default rules for HBAC, SUDO and password
policy so I added those as well.

I ran into a problem when the updater has a default record and an add
at the same time, it should handle it better now.

ticket 585
Add aci to make managed netgroups immutable. 2011-02-18T20:29:51+00:00 Rob Crittenden rcritten@redhat.com 2011-02-17T22:19:24+00:00 496ab3f738d55e9356142048dcfef2caa46c121f ticket 962 
ticket 962
Updated default Kerberos password policy 2011-02-17T03:28:08+00:00 Jan Zeleny jzeleny@redhat.com 2011-02-10T13:02:27+00:00 3f40f1492cd39574c80af1a01e3771bd86c7027d https://fedorahosted.org/freeipa/ticket/930 
https://fedorahosted.org/freeipa/ticket/930
Add permission/privilege for updating IPA configuration. 2011-02-14T15:22:55+00:00 Rob Crittenden rcritten@redhat.com 2011-02-11T21:48:59+00:00 1315ba19d2c4bdda3dc50b46994f0c4ead5d7da0 ticket 950 
ticket 950
Move automount, default HBAC services, netgroup and hostgroup bootstrapping. 2010-12-17T22:31:19+00:00 Rob Crittenden rcritten@redhat.com 2010-12-13T18:23:04+00:00 358b28398cad150d6aab873a2d998211bf31d335 There is no need for these to be done as updates, just add these entries to the bootstrapping. 
There is no need for these to be done as updates, just add these entries
to the bootstrapping.
Re-implement access control using an updated model. 2010-12-02T01:42:31+00:00 Rob Crittenden rcritten@redhat.com 2010-12-01T16:23:52+00:00 4ad8055341b9f12c833abdf757755ed95f1b375e The new model is based on permssions, privileges and roles. Most importantly it corrects the reverse membership that caused problems in the previous implementation. You add permission to privileges and privileges to roles, not the other way around (even though it works that way behind the scenes). A permission object is a combination of a simple group and an aci. The linkage between the aci and the permission is the description of the permission. This shows as the name/description of the aci. ldap:///self and groups granting groups (v1-style) are not supported by this model (it will be provided separately). This makes the aci plugin internal only. ticket 445 
The new model is based on permssions, privileges and roles.
Most importantly it corrects the reverse membership that caused problems
in the previous implementation. You add permission to privileges and
privileges to roles, not the other way around (even though it works that
way behind the scenes).

A permission object is a combination of a simple group and an aci.
The linkage between the aci and the permission is the description of
the permission. This shows as the name/description of the aci.

ldap:///self and groups granting groups (v1-style) are not supported by
this model (it will be provided separately).

This makes the aci plugin internal only.

ticket 445
Reduce the number of attributes a host is allowed to write. 2010-11-30T19:30:52+00:00 Rob Crittenden rcritten@redhat.com 2010-11-17T20:04:33+00:00 d644d17adf117321747db1e4e22a771fbea3b09e The list of attributes that a host bound as itself could write was overly broad. A host can now only update its description, information about itself such as OS release, etc, its certificate, password and keytab. ticket 416 
The list of attributes that a host bound as itself could write was
overly broad.

A host can now only update its description, information about itself
such as OS release, etc, its certificate, password and keytab.

ticket 416
Add additional default HBAC login services 2010-11-08T19:23:03+00:00 Rob Crittenden rcritten@redhat.com 2010-11-03T15:49:51+00:00 d76ead6ccea2b41d3cb603124860fb3f84d8e1cc ticket 307 
ticket 307