freeipa

Clone
Source Code
GIT

5d603fc radiusproxy: add permission for reading radius proxy servers

2 files Authored by frenaud 5 years ago, Committed by cheimes 5 years ago,
raw patch tree parent
2 files changed. 21 lines added. 0 lines removed.
ACI.txt
file modified
+2 -0
ipaserver/plugins/radiusproxy.py
file modified
+19 -0 
    radiusproxy: add permission for reading radius proxy servers
    
    A non-admin user which has the "User Administrator" role cannot
    add a user with ipa user-add --radius=<proxy> because the
    call needs to read the radius proxy server entries.
    
    The fix adds a System permission for reading radius proxy server
    entries (all attributes except the ipatokenradiussecret). This
    permission is added to the already existing privileges "User
    Administrators" and "Stage User Administrators", so that the role
    "User Administrator" can call ipa [stage]user-add|mod --radius=<proxy>
    
    Fixes: https://pagure.io/freeipa/issue/7570
    Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Christian Heimes <cheimes@redhat.com>
file modified
+2 -0
file modified
+19 -0
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.