1389567 Extend anonymous read ACI for containers

1 file Authored by pviktori 9 years ago, Committed by mkosek 9 years ago,
    Extend anonymous read ACI for containers
    
    - Allow cn=etc,$SUFFIX with these exceptions:
      - cn=masters,cn=ipa,cn=etc,$SUFFIX
      - virtual operations
      - cn=replicas,cn=ipa,cn=etc,$SUFFIX
    - Disallow anonymous read access to Kerberos password policy
    
    Part of the work for: https://fedorahosted.org/freeipa/ticket/3566
    
    Reviewed-By: Martin Kosek <mkosek@redhat.com>