On 03/18/2013 12:38 PM, Jan Cholasta wrote: > Hi, > > this patch implements <https://fedorahosted.org/freeipa/ticket/3329>. > > Because the design is not finished yet, this is a minimal implementation - it > uses the krbTicketFlags attribute directly (which means no delegation of > rights > to modify specific flags to specific admins) and there is no support for > per-service type default values. > > Honza > >
I checked what you have already and this is what I found: 1) Internal error if I try to remove krbticketflags via *attr functions: # ipa service-add foo/`hostname` --setattr=krbticketflags=None ipa: ERROR: an internal error has occurred # ipa service-add foo/`hostname` ------------------------------------------------------------------------ Added service "foo/vm-037.idm.lab.bos.redhat....@idm.lab.bos.redhat.com" ------------------------------------------------------------------------ # ipa service-mod foo/`hostname` --setattr=krbticketflags=None ipa: ERROR: an internal error has occurred 2) The RFE page needs updating, it does not reflect current reality. AFAIU, the only thing that's left to be decided is the granularity of the ACIs used to control this flag. Otherwise, the patch works fine. Martin _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
