blob: 384a500beffef5615285c4c2cb1ec9e9e9c03b1f (
plain)
1
2
3
4
5
6
7
8
9
10
|
dn: krbPrincipalName=WELLKNOWN/ANONYMOUS@$REALM,cn=$REALM,cn=kerberos,$SUFFIX
changetype: modify
add: objectclass
objectclass: ipaAllowedOperations
-
add: aci
aci: (targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Allow to retrieve keytab keys of the anonymous user"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)
-
add: ipaAllowedToPerform;read_keys
ipaAllowedToPerform;read_keys: cn=ipaservers,cn=hostgroups,cn=accounts,$SUFFIX
|
