From 1df314d3bf6d0e1538e2d2da86daa4aa732113f0 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Wed, 15 Feb 2012 11:16:52 -0500
Subject: Add S4U2Proxy delegation permissions on upgrades

https://fedorahosted.org/freeipa/ticket/2396
---
 install/updates/30-s4u2proxy.update | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'install')

diff --git a/install/updates/30-s4u2proxy.update b/install/updates/30-s4u2proxy.update
index 15c3f616..392afed6 100644
--- a/install/updates/30-s4u2proxy.update
+++ b/install/updates/30-s4u2proxy.update
@@ -16,3 +16,9 @@ default: objectClass: groupOfPrincipals
 default: objectClass: top
 default: cn: ipa-ldap-delegation-targets
 default: memberPrincipal: ldap/$FQDN@$REALM
+
+dn: cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,$SUFFIX
+add: memberPrincipal: HTTP/$FQDN@$REALM
+
+dn: cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,$SUFFIX
+add: memberPrincipal: ldap/$FQDN@$REALM
-- 
cgit