diff options
| author | Alexander Bokovoy <abokovoy@redhat.com> | 2016-08-11 11:52:05 +0300 |
|---|---|---|
| committer | Jan Cholasta <jcholast@redhat.com> | 2016-08-17 16:41:38 +0200 |
| commit | 1c73ac91a4c76cbada91f2b30d8b731b91af5195 (patch) | |
| tree | 46dfbef6987180d79c28a475049779793d53b001 /ipaserver/plugins | |
| parent | 4ee426a68ec60370eee6f5aec917ecce444840c7 (diff) | |
| download | freeipa-1c73ac91a4c76cbada91f2b30d8b731b91af5195.tar.gz freeipa-1c73ac91a4c76cbada91f2b30d8b731b91af5195.tar.xz freeipa-1c73ac91a4c76cbada91f2b30d8b731b91af5195.zip | |
service: add flag to allow S4U2Self
Prerequisite for: https://fedorahosted.org/freeipa/ticket/5764
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Diffstat (limited to 'ipaserver/plugins')
| -rw-r--r-- | ipaserver/plugins/service.py | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/ipaserver/plugins/service.py b/ipaserver/plugins/service.py index a44dcaa5e..04d1916fe 100644 --- a/ipaserver/plugins/service.py +++ b/ipaserver/plugins/service.py @@ -171,11 +171,18 @@ ticket_flags_params = ( doc=_('Client credentials may be delegated to the service'), flags=['virtual_attribute', 'no_search'], ), + Bool('ipakrboktoauthasdelegate?', + cli_name='ok_to_auth_as_delegate', + label=_('Trusted to authenticate as user'), + doc=_('The service is allowed to authenticate on behalf of a client'), + flags=['virtual_attribute', 'no_search'], + ), ) _ticket_flags_map = { 'ipakrbrequirespreauth': 0x00000080, 'ipakrbokasdelegate': 0x00100000, + 'ipakrboktoauthasdelegate': 0x00200000, } _ticket_flags_default = _ticket_flags_map['ipakrbrequirespreauth'] |