Re: [Freeipa-devel] [PATCHES] 0521-0522 - Add managed read permissions to krbtpolicy & Allow anonymous read access to Kerberos realm container name

2014-04-16 Thread Martin Kosek
On 04/16/2014 12:34 PM, Petr Viktorin wrote: > On 04/16/2014 12:07 PM, Petr Viktorin wrote: >> On 04/16/2014 07:48 AM, Martin Kosek wrote: >>> On 04/15/2014 06:10 PM, Ludwig Krispenz wrote: On 04/15/2014 05:45 PM, Ludwig Krispenz wrote: > > On 04/15/2014 05:10 PM, Martin Kosek wro

Re: [Freeipa-devel] [PATCHES] 0521-0522 - Add managed read permissions to krbtpolicy & Allow anonymous read access to Kerberos realm container name

2014-04-16 Thread Petr Viktorin
On 04/16/2014 12:07 PM, Petr Viktorin wrote: On 04/16/2014 07:48 AM, Martin Kosek wrote: On 04/15/2014 06:10 PM, Ludwig Krispenz wrote: On 04/15/2014 05:45 PM, Ludwig Krispenz wrote: On 04/15/2014 05:10 PM, Martin Kosek wrote: On 04/15/2014 05:08 PM, Simo Sorce wrote: On Tue, 2014-04-15 at

Re: [Freeipa-devel] [PATCHES] 0521-0522 - Add managed read permissions to krbtpolicy & Allow anonymous read access to Kerberos realm container name

2014-04-16 Thread Petr Viktorin
On 04/16/2014 07:48 AM, Martin Kosek wrote: On 04/15/2014 06:10 PM, Ludwig Krispenz wrote: On 04/15/2014 05:45 PM, Ludwig Krispenz wrote: On 04/15/2014 05:10 PM, Martin Kosek wrote: On 04/15/2014 05:08 PM, Simo Sorce wrote: On Tue, 2014-04-15 at 16:48 +0200, Martin Kosek wrote: On 04/15/20

Re: [Freeipa-devel] [PATCHES] 0521-0522 - Add managed read permissions to krbtpolicy & Allow anonymous read access to Kerberos realm container name

2014-04-15 Thread Martin Kosek
On 04/15/2014 06:10 PM, Ludwig Krispenz wrote: On 04/15/2014 05:45 PM, Ludwig Krispenz wrote: On 04/15/2014 05:10 PM, Martin Kosek wrote: On 04/15/2014 05:08 PM, Simo Sorce wrote: On Tue, 2014-04-15 at 16:48 +0200, Martin Kosek wrote: On 04/15/2014 03:16 PM, Simo Sorce wrote: On Tue, 2014-

Re: [Freeipa-devel] [PATCHES] 0521-0522 - Add managed read permissions to krbtpolicy & Allow anonymous read access to Kerberos realm container name

2014-04-15 Thread Ludwig Krispenz
On 04/15/2014 05:45 PM, Ludwig Krispenz wrote: On 04/15/2014 05:10 PM, Martin Kosek wrote: On 04/15/2014 05:08 PM, Simo Sorce wrote: On Tue, 2014-04-15 at 16:48 +0200, Martin Kosek wrote: On 04/15/2014 03:16 PM, Simo Sorce wrote: On Tue, 2014-04-15 at 13:13 +0200, Petr Viktorin wrote: On 0

Re: [Freeipa-devel] [PATCHES] 0521-0522 - Add managed read permissions to krbtpolicy & Allow anonymous read access to Kerberos realm container name

2014-04-15 Thread Ludwig Krispenz
On 04/15/2014 05:10 PM, Martin Kosek wrote: On 04/15/2014 05:08 PM, Simo Sorce wrote: On Tue, 2014-04-15 at 16:48 +0200, Martin Kosek wrote: On 04/15/2014 03:16 PM, Simo Sorce wrote: On Tue, 2014-04-15 at 13:13 +0200, Petr Viktorin wrote: On 04/15/2014 09:43 AM, Martin Kosek wrote: On 04/15

Re: [Freeipa-devel] [PATCHES] 0521-0522 - Add managed read permissions to krbtpolicy & Allow anonymous read access to Kerberos realm container name

2014-04-15 Thread Martin Kosek
On 04/15/2014 05:08 PM, Simo Sorce wrote: > On Tue, 2014-04-15 at 16:48 +0200, Martin Kosek wrote: >> On 04/15/2014 03:16 PM, Simo Sorce wrote: >>> On Tue, 2014-04-15 at 13:13 +0200, Petr Viktorin wrote: On 04/15/2014 09:43 AM, Martin Kosek wrote: > On 04/15/2014 09:38 AM, Martin Kosek wro

Re: [Freeipa-devel] [PATCHES] 0521-0522 - Add managed read permissions to krbtpolicy & Allow anonymous read access to Kerberos realm container name

2014-04-15 Thread Simo Sorce
On Tue, 2014-04-15 at 16:48 +0200, Martin Kosek wrote: > On 04/15/2014 03:16 PM, Simo Sorce wrote: > > On Tue, 2014-04-15 at 13:13 +0200, Petr Viktorin wrote: > >> On 04/15/2014 09:43 AM, Martin Kosek wrote: > >>> On 04/15/2014 09:38 AM, Martin Kosek wrote: > On 04/14/2014 07:18 PM, Simo Sorce

Re: [Freeipa-devel] [PATCHES] 0521-0522 - Add managed read permissions to krbtpolicy & Allow anonymous read access to Kerberos realm container name

2014-04-15 Thread Martin Kosek
On 04/15/2014 03:16 PM, Simo Sorce wrote: > On Tue, 2014-04-15 at 13:13 +0200, Petr Viktorin wrote: >> On 04/15/2014 09:43 AM, Martin Kosek wrote: >>> On 04/15/2014 09:38 AM, Martin Kosek wrote: On 04/14/2014 07:18 PM, Simo Sorce wrote: > On Mon, 2014-04-14 at 18:54 +0200, Petr Viktorin wr

Re: [Freeipa-devel] [PATCHES] 0521-0522 - Add managed read permissions to krbtpolicy & Allow anonymous read access to Kerberos realm container name

2014-04-15 Thread Simo Sorce
On Tue, 2014-04-15 at 13:13 +0200, Petr Viktorin wrote: > On 04/15/2014 09:43 AM, Martin Kosek wrote: > > On 04/15/2014 09:38 AM, Martin Kosek wrote: > >> On 04/14/2014 07:18 PM, Simo Sorce wrote: > >>> On Mon, 2014-04-14 at 18:54 +0200, Petr Viktorin wrote: > Hello, > > The first pa

Re: [Freeipa-devel] [PATCHES] 0521-0522 - Add managed read permissions to krbtpolicy & Allow anonymous read access to Kerberos realm container name

2014-04-15 Thread Petr Viktorin
On 04/15/2014 09:43 AM, Martin Kosek wrote: On 04/15/2014 09:38 AM, Martin Kosek wrote: On 04/14/2014 07:18 PM, Simo Sorce wrote: On Mon, 2014-04-14 at 18:54 +0200, Petr Viktorin wrote: Hello, The first patch adds default read permissions to krbtpolicy. Since the plugin manages entries in two

Re: [Freeipa-devel] [PATCHES] 0521-0522 - Add managed read permissions to krbtpolicy & Allow anonymous read access to Kerberos realm container name

2014-04-15 Thread Martin Kosek
On 04/15/2014 09:38 AM, Martin Kosek wrote: > On 04/14/2014 07:18 PM, Simo Sorce wrote: >> On Mon, 2014-04-14 at 18:54 +0200, Petr Viktorin wrote: >>> Hello, >>> >>> The first patch adds default read permissions to krbtpolicy. Since the >>> plugin manages entries in two trees, there are two permis

Re: [Freeipa-devel] [PATCHES] 0521-0522 - Add managed read permissions to krbtpolicy & Allow anonymous read access to Kerberos realm container name

2014-04-15 Thread Martin Kosek
On 04/14/2014 07:18 PM, Simo Sorce wrote: > On Mon, 2014-04-14 at 18:54 +0200, Petr Viktorin wrote: >> Hello, >> >> The first patch adds default read permissions to krbtpolicy. Since the >> plugin manages entries in two trees, there are two permissions. Since >> two permissions are needed to cove

Re: [Freeipa-devel] [PATCHES] 0521-0522 - Add managed read permissions to krbtpolicy & Allow anonymous read access to Kerberos realm container name

2014-04-14 Thread Simo Sorce
On Mon, 2014-04-14 at 18:54 +0200, Petr Viktorin wrote: > Hello, > > The first patch adds default read permissions to krbtpolicy. Since the > plugin manages entries in two trees, there are two permissions. Since > two permissions are needed to cover krbtpolicy, it can't be used as a > permissio

[Freeipa-devel] [PATCHES] 0521-0522 - Add managed read permissions to krbtpolicy & Allow anonymous read access to Kerberos realm container name

2014-04-14 Thread Petr Viktorin
Hello, The first patch adds default read permissions to krbtpolicy. Since the plugin manages entries in two trees, there are two permissions. Since two permissions are needed to cover krbtpolicy, it can't be used as a permission's --type. The permissions are added to a new privilege, 'Kerberos