diff options
-rw-r--r-- | API.txt | 9 | ||||
-rw-r--r-- | VERSION | 4 | ||||
-rw-r--r-- | ipalib/plugins/service.py | 10 |
3 files changed, 17 insertions, 6 deletions
@@ -3901,7 +3901,7 @@ output: Entry('result') output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>]) output: PrimaryKey('value') command: service_add -args: 1,11,3 +args: 1,12,3 arg: Str('krbprincipalname', cli_name='principal') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) @@ -3909,6 +3909,7 @@ option: Flag('force', autofill=True, default=False) option: StrEnum('ipakrbauthzdata*', cli_name='pac_type', values=[u'MS-PAC', u'PAD', u'NONE']) option: Bool('ipakrbokasdelegate?', cli_name='ok_as_delegate') option: Bool('ipakrbrequirespreauth?', cli_name='requires_pre_auth') +option: Str('krbprincipalauthind*', cli_name='auth_ind') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('setattr*', cli_name='setattr') @@ -4011,10 +4012,11 @@ output: Output('completed', type=[<type 'int'>]) output: Output('failed', type=[<type 'dict'>]) output: Entry('result') command: service_find -args: 1,11,4 +args: 1,12,4 arg: Str('criteria?') option: Flag('all', autofill=True, cli_name='all', default=False) option: StrEnum('ipakrbauthzdata*', autofill=False, cli_name='pac_type', values=[u'MS-PAC', u'PAD', u'NONE']) +option: Str('krbprincipalauthind*', autofill=False, cli_name='auth_ind') option: Str('krbprincipalname?', autofill=False, cli_name='principal') option: Str('man_by_host*', cli_name='man_by_hosts') option: Flag('no_members', autofill=True, default=True) @@ -4029,7 +4031,7 @@ output: ListOfEntries('result') output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>]) output: Output('truncated', type=[<type 'bool'>]) command: service_mod -args: 1,12,3 +args: 1,13,3 arg: Str('krbprincipalname', cli_name='principal') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) @@ -4037,6 +4039,7 @@ option: Str('delattr*', cli_name='delattr') option: StrEnum('ipakrbauthzdata*', autofill=False, cli_name='pac_type', values=[u'MS-PAC', u'PAD', u'NONE']) option: Bool('ipakrbokasdelegate?', autofill=False, cli_name='ok_as_delegate') option: Bool('ipakrbrequirespreauth?', autofill=False, cli_name='requires_pre_auth') +option: Str('krbprincipalauthind*', autofill=False, cli_name='auth_ind') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('rights', autofill=True, default=False) @@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000 # # ######################################################## IPA_API_VERSION_MAJOR=2 -IPA_API_VERSION_MINOR=170 -# Last change: mbasti - *-find: do not search for members by default +IPA_API_VERSION_MINOR=171 +# Last change: npmccallum - enable setting authinds on services diff --git a/ipalib/plugins/service.py b/ipalib/plugins/service.py index 2d3476e83..ec2071b87 100644 --- a/ipalib/plugins/service.py +++ b/ipalib/plugins/service.py @@ -411,7 +411,7 @@ class service(LDAPObject): permission_filter_objectclasses = ['ipaservice'] search_attributes = ['krbprincipalname', 'managedby', 'ipakrbauthzdata'] default_attributes = ['krbprincipalname', 'usercertificate', 'managedby', - 'ipakrbauthzdata', 'memberof', 'ipaallowedtoperform'] + 'ipakrbauthzdata', 'memberof', 'ipaallowedtoperform', 'krbprincipalauthind'] uuid_attribute = 'ipauniqueid' attribute_members = { 'managedby': ['host'], @@ -505,6 +505,14 @@ class service(LDAPObject): " e.g. this might be necessary for NFS services."), values=(u'MS-PAC', u'PAD', u'NONE'), ), + Str('krbprincipalauthind*', + cli_name='auth_ind', + label=_('Authentication Indicators'), + doc=_("Defines a whitelist for Authentication Indicators." + " Use 'otp' to allow OTP-based 2FA authentications." + " Use 'radius' to allow RADIUS-based 2FA authentications." + " Other values may be used for custom configurations."), + ), ) + ticket_flags_params def validate_ipakrbauthzdata(self, entry): |