diff options
| author | Petr Viktorin <pviktori@redhat.com> | 2014-03-26 17:11:23 +0100 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2014-04-16 16:10:43 +0200 |
| commit | b53f2d28fdc64a99c16b6e9434911da0058c9f58 (patch) | |
| tree | 99246fddf88c45774e9eccbcf9d8ab91187dcf57 /install/updates | |
| parent | 6b0c6bf34435859a21936ad69d3eb984c27f9d8d (diff) | |
| download | freeipa-b53f2d28fdc64a99c16b6e9434911da0058c9f58.tar.gz freeipa-b53f2d28fdc64a99c16b6e9434911da0058c9f58.tar.xz freeipa-b53f2d28fdc64a99c16b6e9434911da0058c9f58.zip | |
Add managed read permissions to krbtpolicy
Unlike other objects, the ticket policy is stored in different
subtrees: global policy in cn=kerberos and per-user policy in
cn=users,cn=accounts.
Add two permissions, one for each location.
Also, modify tests so that adding new permissions in cn=users
doesn't cause failures.
Part of the work for: https://fedorahosted.org/freeipa/ticket/3566
Diffstat (limited to 'install/updates')
| -rw-r--r-- | install/updates/40-delegation.update | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/install/updates/40-delegation.update b/install/updates/40-delegation.update index 27e605789..6ab849bf8 100644 --- a/install/updates/40-delegation.update +++ b/install/updates/40-delegation.update @@ -408,3 +408,10 @@ default:objectClass: groupofnames default:objectClass: top default:cn: Password Policy Readers default:description: Read password policies + +dn: cn=Kerberos Ticket Policy Readers,cn=privileges,cn=pbac,$SUFFIX +default:objectClass: nestedgroup +default:objectClass: groupofnames +default:objectClass: top +default:cn: Kerberos Ticket Policy Readers +default:description: Read global and per-user Kerberos ticket policy |