diff options
author | Stanislav Laznicka <slaznick@redhat.com> | 2016-06-29 15:56:55 +0200 |
---|---|---|
committer | Petr Vobornik <pvoborni@redhat.com> | 2016-06-30 16:44:56 +0200 |
commit | 97db87b383b1ae4639bdb51793354bad30adf5a9 (patch) | |
tree | f1cfe54fe9d0a37a5edc83b7bf35f67712bee22a /ipaserver/plugins/host.py | |
parent | 2beb72ffa4bea5e22c2ba4685a524df36d1f800c (diff) | |
download | freeipa-97db87b383b1ae4639bdb51793354bad30adf5a9.tar.gz freeipa-97db87b383b1ae4639bdb51793354bad30adf5a9.tar.xz freeipa-97db87b383b1ae4639bdb51793354bad30adf5a9.zip |
host: Added permissions for auth. indicators read/modify
Added permissions for Kerberos authentication indicators reading and
modifying to host objects.
https://fedorahosted.org/freeipa/ticket/433
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Diffstat (limited to 'ipaserver/plugins/host.py')
-rw-r--r-- | ipaserver/plugins/host.py | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/ipaserver/plugins/host.py b/ipaserver/plugins/host.py index 5ade11219..de0aca5ca 100644 --- a/ipaserver/plugins/host.py +++ b/ipaserver/plugins/host.py @@ -303,7 +303,7 @@ class host(LDAPObject): 'enrolledby', 'managedby', 'ipaassignedidview', 'krbprincipalname', 'krbcanonicalname', 'krbprincipalaliases', 'krbprincipalexpiration', 'krbpasswordexpiration', - 'krblastpwdchange', + 'krblastpwdchange', 'krbprincipalauthind', }, }, 'System: Read Host Membership': { @@ -381,6 +381,7 @@ class host(LDAPObject): 'ipapermdefaultattr': { 'description', 'l', 'nshardwareplatform', 'nshostlocation', 'nsosversion', 'macaddress', 'userclass', 'ipaassignedidview', + 'krbprincipalauthind', }, 'replaces': [ '(targetattr = "description || l || nshostlocation || nshardwareplatform || nsosversion")(target = "ldap:///fqdn=*,cn=computers,cn=accounts,$SUFFIX")(version 3.0;acl "permission:Modify Hosts";allow (write) groupdn = "ldap:///cn=Modify Hosts,cn=permissions,cn=pbac,$SUFFIX";)', |