b243da4 Allow read access to masters, but not their services, to auth'd users

1 file. Authored by pviktori 9 years ago. Committed by mkosek 9 years ago.
    Allow read access to masters, but not their services, to auth'd users
    
    The ipa host-del command checks if the host to be deleted is an
    IPA master by looking up the entry in cn=masters.
    If the entry is not accessible, host-del would proceed to delete
    the host.
    Thus we need to allow reading the master entries to at least
    those that can delete hosts.
    Since the host information is also available via DNS, it makes
    no sense to be extremely secretive about it.
    
    Part of the work for: https://fedorahosted.org/freeipa/ticket/3566
    
    Reviewed-By: Martin Kosek <mkosek@redhat.com>
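
The fail-open check described in the commit message, as an added example that is not FreeIPA code: a toy Python model of a directory in which an ACI denial hides entries from search results instead of raising an error. The suffix, host names, bind names and every function name are constructed for illustration; "hostadmin" is assumed to hold a separate privilege to delete hosts.

```python
# Toy model (constructed, not FreeIPA code): a denied read looks exactly like
# "no such entry", so a lookup-based safety check fails open.
MASTERS = "cn=masters,dc=example,dc=test"            # constructed DN
ENTRIES = {
    f"cn=ipa1.example.test,{MASTERS}",               # master entry
    f"cn=CA,cn=ipa1.example.test,{MASTERS}",         # service under the master
}

def aci_before(bind_dn, dn):
    """Before the change: only the directory admin can read under cn=masters."""
    return bind_dn == "admin"

def aci_after(bind_dn, dn):
    """After the change: any authenticated user can read master entries
    (direct children of cn=masters) but not the service entries below them."""
    if bind_dn == "admin":
        return True
    direct_child = (dn.endswith("," + MASTERS)
                    and dn.count(",") == MASTERS.count(",") + 1)
    return bind_dn is not None and direct_child

def search(bind_dn, base, aci):
    """Subtree search: entries at or under base that bind_dn may read.
    Denied entries are silently omitted, never reported as an error."""
    return sorted(dn for dn in ENTRIES
                  if (dn == base or dn.endswith("," + base))
                  and aci(bind_dn, dn))

def is_master(bind_dn, fqdn, aci):
    """The check host-del relies on: is there an entry for fqdn in cn=masters?"""
    return bool(search(bind_dn, f"cn={fqdn},{MASTERS}", aci))

def host_del(bind_dn, fqdn, aci):
    """Refuse to delete a master; otherwise report the deletion."""
    if is_master(bind_dn, fqdn, aci):
        return "refused: host is an IPA master"
    return "deleted"

if __name__ == "__main__":
    for name, aci in (("before", aci_before), ("after", aci_after)):
        print(name, "->", host_del("hostadmin", "ipa1.example.test", aci))
    print("visible to hostadmin:", search("hostadmin", MASTERS, aci_after))
```

With the restrictive ACI the caller cannot tell "not a master" from "not allowed to look", which is why the read permission has to reach everyone who can delete hosts.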