Re: [Freeipa-devel] [PATCH] 0060 Ensure ipa-adtrust-install is run as admin user

On Wed, 18 Jul 2012, Simo Sorce wrote: On Wed, 2012-07-18 at 16:19 +0300, Alexander Bokovoy wrote: On Wed, 18 Jul 2012, Rob Crittenden wrote: >Alexander Bokovoy wrote: >>On Tue, 17 Jul 2012, Rob Crittenden wrote: >>>Alexander Bokovoy wrote: On Fri, 13 Jul 2012, Alexander Bokovoy wrote: >

Re: [Freeipa-devel] [PATCH] 0060 Ensure ipa-adtrust-install is run as admin user

On Wed, 2012-07-18 at 16:19 +0300, Alexander Bokovoy wrote: > On Wed, 18 Jul 2012, Rob Crittenden wrote: > >Alexander Bokovoy wrote: > >>On Tue, 17 Jul 2012, Rob Crittenden wrote: > >>>Alexander Bokovoy wrote: > On Fri, 13 Jul 2012, Alexander Bokovoy wrote: > >Hi, > > > >when adding

Re: [Freeipa-devel] [PATCH] 0060 Ensure ipa-adtrust-install is run as admin user

On Wed, 18 Jul 2012, Rob Crittenden wrote: Alexander Bokovoy wrote: On Tue, 17 Jul 2012, Rob Crittenden wrote: Alexander Bokovoy wrote: On Fri, 13 Jul 2012, Alexander Bokovoy wrote: Hi, when adding AD trusts support, we need to ensure we have valid kerberos ticket of the user from 'admins' g

Re: [Freeipa-devel] [PATCH] 0060 Ensure ipa-adtrust-install is run as admin user

Alexander Bokovoy wrote: On Tue, 17 Jul 2012, Rob Crittenden wrote: Alexander Bokovoy wrote: On Fri, 13 Jul 2012, Alexander Bokovoy wrote: Hi, when adding AD trusts support, we need to ensure we have valid kerberos ticket of the user from 'admins' group or otherwise appropriate ACIs will not

Re: [Freeipa-devel] [PATCH] 0060 Ensure ipa-adtrust-install is run as admin user

On Wed, 18 Jul 2012, Alexander Bokovoy wrote: On Tue, 17 Jul 2012, Rob Crittenden wrote: Alexander Bokovoy wrote: On Fri, 13 Jul 2012, Alexander Bokovoy wrote: Hi, when adding AD trusts support, we need to ensure we have valid kerberos ticket of the user from 'admins' group or otherwise appro

Re: [Freeipa-devel] [PATCH] 0060 Ensure ipa-adtrust-install is run as admin user

On Tue, 17 Jul 2012, Rob Crittenden wrote: Alexander Bokovoy wrote: On Fri, 13 Jul 2012, Alexander Bokovoy wrote: Hi, when adding AD trusts support, we need to ensure we have valid kerberos ticket of the user from 'admins' group or otherwise appropriate ACIs will not be granted. This patch in

Re: [Freeipa-devel] [PATCH] 0060 Ensure ipa-adtrust-install is run as admin user

Alexander Bokovoy wrote: On Fri, 13 Jul 2012, Alexander Bokovoy wrote: Hi, when adding AD trusts support, we need to ensure we have valid kerberos ticket of the user from 'admins' group or otherwise appropriate ACIs will not be granted. This patch introduces a check for that. We already check

Re: [Freeipa-devel] [PATCH] 0060 Ensure ipa-adtrust-install is run as admin user

On Fri, 13 Jul 2012, Alexander Bokovoy wrote: Hi, when adding AD trusts support, we need to ensure we have valid kerberos ticket of the user from 'admins' group or otherwise appropriate ACIs will not be granted. This patch introduces a check for that. We already check if ipa-adtrust-install is

[Freeipa-devel] [PATCH] 0060 Ensure ipa-adtrust-install is run as admin user

Hi, when adding AD trusts support, we need to ensure we have valid kerberos ticket of the user from 'admins' group or otherwise appropriate ACIs will not be granted. This patch introduces a check for that. We already check if ipa-adtrust-install is run by root so this complements existing checks