be7de56 Change the way has_keytab is determined, also check for password.

16 files Authored by rcritten 12 years ago, Committed by mkosek 12 years ago,
    Change the way has_keytab is determined, also check for password.
    
    We need an indicator to see if a keytab has been set on host and
    service entries. We also need a way to know if a one-time password is
    set on a host.
    
    This adds an ACI that grants search on userPassword and
    krbPrincipalKey so we can do an existence search on them. This way
    we can tell if the attribute is set and create a fake attribute
    accordingly.
    
    When a userPassword is set on a host a keytab is generated against
    that password so we always set has_keytab to False if a password
    exists. This is fine because when keytab gets generated for the
    host the password is removed (hence one-time).
    
    This adds has_keytab/has_password to the user, host and service plugins.
    
    ticket https://fedorahosted.org/freeipa/ticket/1538
    
        
file modified
+26 -0
file modified
+21 -12
file modified
+8 -19
file modified
+6 -0