Let Host Administrators use host-disable command

Host Administrators could not write to service keytab attribute and thus they could not run the host-disable command. https://fedorahosted.org/freeipa/ticket/4284 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2025-02-25 18:55:28 -06:00 · 2014-06-27 16:14:56 +02:00 · 2014-06-27 16:14:56 +02:00 · 50c30c8401
commit 50c30c8401
parent ffab09a7ef
1 changed files with 1 additions and 1 deletions
--- a/ipalib/plugins/service.py
+++ b/ipalib/plugins/service.py
@ -343,7 +343,7 @@ class service(LDAPObject):
            'replaces': [
                '(targetattr = "krbprincipalkey || krblastpwdchange")(target = "ldap:///krbprincipalname=*,cn=services,cn=accounts,$SUFFIX")(version 3.0;acl "permission:Manage service keytab";allow (write) groupdn = "ldap:///cn=Manage service keytab,cn=permissions,cn=pbac,$SUFFIX";)',
            ],
-            'default_privileges': {'Service Administrators'},
+            'default_privileges': {'Service Administrators', 'Host Administrators'},
        },
        'System: Modify Services': {
            'ipapermright': {'write'},