9cfcb03 keytab manipulation permission management

Authored and Committed by pvoborni 9 years ago
    keytab manipulation permission management
    
    Adds new API:
      ipa host-allow-retrieve-keytab HOSTNAME --users=STR --groups STR
      ipa host-disallow-retrieve-keytab HOSTNAME --users=STR --groups STR
      ipa host-allow-create-keytab HOSTNAME --users=STR --groups STR
      ipa host-disallow-create-keytab HOSTNAME --users=STR --groups STR
    
      ipa service-allow-retrieve-keytab PRINCIPAL --users=STR --groups STR
      ipa service-disallow-retrieve-keytab PRINCIPAL --users=STR --groups STR
      ipa service-allow-create-keytab PRINCIPAL --users=STR --groups STR
      ipa service-disallow-create-keytab PRINCIPAL --users=STR --groups STR
    
    These methods add or remove user or group DNs in `ipaallowedtoperform` attr with
    `read_keys` and `write_keys` subtypes.
    
    service|host-mod|show outputs these attrs only with --all option as:
    
      Users allowed to retrieve keytab: user1
      Groups allowed to retrieve keytab: group1
      Users allowed to create keytab: user1
      Groups allowed to create keytab: group1
    
    Adding of object class is implemented as a reusable method since this code is
    used in many places and will most likely also be used in new features. Older
    code may be refactored later.
    
    https://fedorahosted.org/freeipa/ticket/4419
    
    Reviewed-By: Jan Cholasta <jcholast@redhat.com>
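
For auditing which users and groups these commands have granted access to, the following added example (not part of this commit or of FreeIPA's code) groups the `ipaallowedtoperform` values of one entry under the four labels shown in the commit message. The sample entry, the `dc=example,dc=test` suffix, the `cn=users`/`cn=groups` container layout and the function names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample: attribute name -> DN values, as an LDAP search could
# return them for one host entry. Names and suffix are made up.
SAMPLE_ENTRY = {
    "fqdn": ["web1.example.test"],
    "ipaAllowedToPerform;read_keys": [
        "uid=user1,cn=users,cn=accounts,dc=example,dc=test",
        "cn=group1,cn=groups,cn=accounts,dc=example,dc=test",
    ],
    "ipaallowedtoperform;write_keys": [
        "uid=user1,cn=users,cn=accounts,dc=example,dc=test",
    ],
}

# Attribute subtype -> verb used in the labels from the commit message.
OPERATIONS = {"read_keys": "retrieve", "write_keys": "create"}
# Assumed parent containers that tell a user DN from a group DN.
CONTAINERS = {"cn=users": "Users", "cn=groups": "Groups"}


def classify(dn):
    """Return (kind, name) for a user or group DN, else None.

    Splits on plain commas, so RDN values with escaped commas are not handled.
    """
    rdns = [part.strip() for part in dn.split(",")]
    if len(rdns) < 2 or "=" not in rdns[0]:
        return None
    kind = CONTAINERS.get(rdns[1].lower())
    if kind is None:
        return None
    return kind, rdns[0].split("=", 1)[1]


def keytab_acl(entry):
    """Group keytab grants by label; attribute names match case-insensitively."""
    acl = defaultdict(list)
    for attr, values in entry.items():
        base, _, subtype = attr.lower().partition(";")
        if base != "ipaallowedtoperform" or subtype not in OPERATIONS:
            continue
        verb = OPERATIONS[subtype]
        for dn in values:
            who = classify(dn)
            if who is None:
                # Keep unexpected grantees visible instead of dropping them.
                acl[f"Unrecognised DNs allowed to {verb} keytab"].append(dn)
            else:
                acl[f"{who[0]} allowed to {verb} keytab"].append(who[1])
    return dict(acl)
```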
    
file modified: +4 -0
file modified: +96 -0
file modified: +2 -2
file modified: +17 -0
file modified: +112 -4
file modified: +129 -5