author | Nathaniel McCallum <npmccallum@redhat.com> | 2016-06-21 14:19:03 -0400 |
---|---|---|
committer | Petr Vobornik <pvoborni@redhat.com> | 2016-06-30 13:39:59 +0200 |
commit | 0855b014b1edcb1632a41e380220abd7bb5e481a (patch) | |
tree | 559ab62db4dde64968ad5198b14edc807dec1d55 /ipaserver/plugins | |
parent | fed9d9aaa73604f6e100acbe2d3c192f4e4676e8 (diff) | |
Add authentication indicators support to Host objects
https://fedorahosted.org/freeipa/ticket/433
Reviewed-By: Sumit Bose <sbose@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Diffstat (limited to 'ipaserver/plugins')
-rw-r--r-- | ipaserver/plugins/host.py | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/ipaserver/plugins/host.py b/ipaserver/plugins/host.py
index 0072431de..1091f8574 100644
--- a/ipaserver/plugins/host.py
+++ b/ipaserver/plugins/host.py
@@ -295,7 +295,7 @@ class host(LDAPObject):
 'fqdn', 'description', 'l', 'nshostlocation', 'krbprincipalname', 'nshardwareplatform', 'nsosversion', 'usercertificate', 'memberof', 'managedby', 'memberofindirect', 'macaddress',
- 'userclass', 'ipaallowedtoperform', 'ipaassignedidview',
+ 'userclass', 'ipaallowedtoperform', 'ipaassignedidview', 'krbprincipalauthind'
 ]
 uuid_attribute = 'ipauniqueid'
 attribute_members = {
@@ -530,6 +530,14 @@ class host(LDAPObject):
 label=_('Assigned ID View'),
 flags=['no_option'],
 ),
+ Str('krbprincipalauthind*',
+ cli_name='auth_ind',
+ label=_('Authentication Indicators'),
+ doc=_("Defines a whitelist for Authentication Indicators."
+ " Use 'otp' to allow OTP-based 2FA authentications."
+ " Use 'radius' to allow RADIUS-based 2FA authentications."
+ " Other values may be used for custom configurations."),
+ ),
 ) + ticket_flags_params
 def get_dn(self, *keys, **options):
@@ -912,6 +920,13 @@ class host_mod(LDAPUpdate):
 if 'krbticketpolicyaux' not in entry_attrs['objectclass']:
 entry_attrs['objectclass'].append('krbticketpolicyaux')
+ if 'krbprincipalauthind' in entry_attrs:
+ if 'objectclass' not in entry_attrs:
+ entry_attrs_old = ldap.get_entry(dn, ['objectclass'])
+ entry_attrs['objectclass'] = entry_attrs_old['objectclass']
+ if 'krbprincipalaux' not in entry_attrs['objectclass']:
+ entry_attrs['objectclass'].append('krbprincipalaux')
+
 add_sshpubkey_to_attrs_pre(self.context, attrs_list)
 return dn |
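Review bot: The new `Str('krbprincipalauthind*', ...)` parameter in the second hunk accepts any string with no validation or normalisation, so a mistyped or differently cased indicator (say `OTP` for `otp`) is stored as given. Because the help text calls the attribute a whitelist, such a value would presumably match no ticket and make the host's services unreachable rather than fail when entered; that consequence is inferred, not shown in the hunk. The doc string should state that values are matched literally and what an unset attribute means, for example by appending `" Values are matched exactly as entered."` and a sentence on the empty case once that behaviour is confirmed. The diffstat is limited to `ipaserver/plugins`, so whether the host read/write permissions cover the new attribute cannot be checked from this page.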
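Review bot: The test `'krbprincipalaux' not in entry_attrs['objectclass']` in the host_mod hunk compares case-sensitively, while LDAP objectClass values are case-insensitive. Unless the entry class normalises values, an entry holding `krbPrincipalAux` in another spelling would get a duplicate appended and the modify may be rejected by the directory. Comparing on lower-cased values avoids this: `if 'krbprincipalaux' not in (oc.lower() for oc in entry_attrs['objectclass']):`. A short comment such as `# krbprincipalauthind is only allowed by the krbprincipalaux object class` above the block would explain why the object class is added. The enclosing method starts and ends outside the hunk, and host_add is not part of this diff, so setting the option at host creation cannot be verified here.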