diff options
| author | Stanislav Laznicka <slaznick@redhat.com> | 2016-06-29 15:58:07 +0200 |
|---|---|---|
| committer | Petr Vobornik <pvoborni@redhat.com> | 2016-06-30 16:44:56 +0200 |
| commit | 235b19ba7f9807ecf10436d1a5b28518b4475a70 (patch) | |
| tree | 61111fb6ad7230d59cf4823a98cd81e06bae4804 /ipaserver/plugins/service.py | |
| parent | 97db87b383b1ae4639bdb51793354bad30adf5a9 (diff) | |
| download | freeipa-235b19ba7f9807ecf10436d1a5b28518b4475a70.tar.gz freeipa-235b19ba7f9807ecf10436d1a5b28518b4475a70.tar.xz freeipa-235b19ba7f9807ecf10436d1a5b28518b4475a70.zip | |
service: Added permissions for auth. indicators read/modify
Added permissions for Kerberos authentication indicators reading and
modifying to service objects.
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Diffstat (limited to 'ipaserver/plugins/service.py')
| -rw-r--r-- | ipaserver/plugins/service.py | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/ipaserver/plugins/service.py b/ipaserver/plugins/service.py index bead94d3f..c44ad7ac2 100644 --- a/ipaserver/plugins/service.py +++ b/ipaserver/plugins/service.py @@ -410,7 +410,7 @@ class service(LDAPObject): 'krbprincipalname', 'krbcanonicalname', 'krbprincipalaliases', 'krbprincipalexpiration', 'krbpasswordexpiration', 'krblastpwdchange', 'ipakrbauthzdata', 'ipakrbprincipalalias', - 'krbobjectreferences', + 'krbobjectreferences', 'krbprincipalauthind', }, }, 'System: Add Services': { @@ -438,7 +438,7 @@ class service(LDAPObject): }, 'System: Modify Services': { 'ipapermright': {'write'}, - 'ipapermdefaultattr': {'usercertificate'}, + 'ipapermdefaultattr': {'usercertificate', 'krbprincipalauthind'}, 'replaces': [ '(targetattr = "usercertificate")(target = "ldap:///krbprincipalname=*,cn=services,cn=accounts,$SUFFIX")(version 3.0;acl "permission:Modify Services";allow (write) groupdn = "ldap:///cn=Modify Services,cn=permissions,cn=pbac,$SUFFIX";)', ], |