Loosen the ACI for the KDC to allow adds/deletes

Password policy entries must be a child of the entry protected by this
ACI.

Also change the format of this because in DS it was stored as:
\n(target)\n so was base64-encoded when it was retrieved.
Rob Crittenden
2009-10-02 09:27:08 -04:00
committed by Jason Gerard DeRose
parent 8de6dc00dc
commit 48785a5af1

@@ -44,9 +44,7 @@ import pyasn1.codec.ber.encoder
import pyasn1.codec.ber.decoder
import struct
KRBMKEY_DENY_ACI = """
(targetattr = "krbMKey")(version 3.0; acl "No external access"; deny (all) userdn != "ldap:///uid=kdc,cn=sysaccounts,cn=etc,$SUFFIX";)
"""
KRBMKEY_DENY_ACI = '(targetattr = "krbMKey")(version 3.0; acl "No external access"; deny (read,write,search,compare) userdn != "ldap:///uid=kdc,cn=sysaccounts,cn=etc,$SUFFIX";)'
def update_key_val_in_file(filename, key, val):
if os.path.exists(filename):
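
Review bot: the replacement `KRBMKEY_DENY_ACI` line has no comment recording the two constraints the commit message relies on, so a later cleanup could easily undo either one. Please add a short comment above the constant saying that the value must stay on a single line with no leading or trailing newline (the old triple-quoted form was stored as \n(target)\n and came back base64-encoded), and that add and delete are deliberately left out of the deny so password policy entries can be created as children of the protected entry. Also note that going from `deny (all)` to `deny (read,write,search,compare)` stops denying selfwrite as well as add and delete, which the message does not mention; if only add and delete are meant to be opened up, list selfwrite in the deny too.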