IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity
3,026 Commits 11 Branches 60 Tags 60 MiB
Python 75.7%
JavaScript 10.9%
C 10.8%
Roff 1.1%
Makefile 0.4%
Other 1.1%
4ad8055341
Go to file
Rob Crittenden 4ad8055341 Re-implement access control using an updated model. 
The new model is based on permssions, privileges and roles.
Most importantly it corrects the reverse membership that caused problems
in the previous implementation. You add permission to privileges and
privileges to roles, not the other way around (even though it works that
way behind the scenes).

A permission object is a combination of a simple group and an aci.
The linkage between the aci and the permission is the description of
the permission. This shows as the name/description of the aci.

ldap:///self and groups granting groups (v1-style) are not supported by
this model (it will be provided separately).

This makes the aci plugin internal only.

ticket 445
2010-12-01 20:42:31 -05:00
checks rebase dogtag clean-up patch 2009-12-09 01:57:08 -07:00
contrib build tweaks - use automake's foreign mode, avoid creating empty files to satisfy gnu mode - run autoreconf -f to ensure that everything matches 2010-11-29 11:39:55 -05:00
daemons Init smods to prevent crash if encode_keys fails 2010-11-29 17:21:17 -05:00
dev This patch removes the existing UI functionality, as a prep for adding the Javascript based ui. 2010-07-29 10:44:56 -04:00
doc/examples Clarify the description of --raw and -all 2010-11-08 15:23:03 -05:00
install Re-implement access control using an updated model. 2010-12-01 20:42:31 -05:00
ipa-client build tweaks - use automake's foreign mode, avoid creating empty files to satisfy gnu mode - run autoreconf -f to ensure that everything matches 2010-11-29 11:39:55 -05:00
ipa-radius-admintools Rework config.py and change cli tools. Maintain order of IPA servers from command line, config and DNS. Parse options before detecting IPA configuration. Don't ignore rest of the options if one is missing in ipa.conf. Drop the --usage options, we will rely on --help. Fixes: 458869, 459070, 458980, 459234 2008-09-11 23:34:01 +02:00
ipa-radius-server Fix versioning for configure.ac and ipa-python/setup.py 2008-08-11 18:31:05 -04:00
ipalib Re-implement access control using an updated model. 2010-12-01 20:42:31 -05:00
ipapython Catch when we fail to get a cert chain from the CA during installation 2010-11-24 08:39:00 -05:00
ipaserver Re-implement access control using an updated model. 2010-12-01 20:42:31 -05:00
selinux Grant /usr/sbin/ipa_kpasswd "name_bind" access. 2010-10-22 21:43:00 -04:00
tests Re-implement access control using an updated model. 2010-12-01 20:42:31 -05:00
util Use internal implementation of internal Kerberos functions 2010-11-22 16:01:35 -05:00
.bzrignore Added top-level tests/ package that will contain all unit tests 2008-10-07 20:36:44 -06:00
.gitignore Ignore useless stuff by default 2010-10-18 13:25:20 -04:00
autogen.sh build tweaks - use automake's foreign mode, avoid creating empty files to satisfy gnu mode - run autoreconf -f to ensure that everything matches 2010-11-29 11:39:55 -05:00
Contributors.txt Added Jr Aquino for sudo work 2010-09-27 22:38:11 -04:00
ipa Started reworking CLI class into cli plugin 2009-02-03 15:29:03 -05:00
ipa.1 Add SEE ALSO section to ipa man page 2010-11-03 10:26:02 -04:00
ipa.spec.in build tweaks - use automake's foreign mode, avoid creating empty files to satisfy gnu mode - run autoreconf -f to ensure that everything matches 2010-11-29 11:39:55 -05:00
LICENSE Added GPL v2 in LICENSE file 2008-10-14 16:51:04 -06:00
lite-server.py SUDO Rule Search and Details Pages 2010-11-19 16:53:30 -05:00
make-doc This patch removes the existing UI functionality, as a prep for adding the Javascript based ui. 2010-07-29 10:44:56 -04:00
make-test Added Fuzzy docstrings; make-test now runs doctests in tests/*; fixed 'existant' mispelling 2009-12-18 10:56:13 -05:00
Makefile Replication version checking. 2010-06-24 10:33:53 -04:00
MANIFEST.in Giant webui patch take 2 2009-10-13 11:28:00 -06:00
README Add a copy of the LICENSE and populate some README's 2008-01-23 10:30:18 -05:00
setup-client.py Add a separate client-only target 2009-10-17 22:56:47 -06:00
setup.py This patch removes the existing UI functionality, as a prep for adding the Javascript based ui. 2010-07-29 10:44:56 -04:00
TODO Updated TODO based on discussion between Rob, Pavel, and Jason; put TODO in reStructuredText style formatting 2009-05-19 09:55:34 -04:00
VERSION Become IPA v2 alpha 5 (1.9.0.pre5) 2010-11-09 15:03:20 -05:00
version.m4.in Mass tree reorganization for IPAv2. To view previous history of files use: 2009-02-03 15:27:14 -05:00

README 

                               IPA Server

  What is it?
  -----------

  For efficiency, compliance and risk mitigation, organizations need to
  centrally manage and correlate vital security information including:

    * Identity (machine, user, virtual machines, groups, authentication
      credentials)
    * Policy (configuration settings, access control information)
    * Audit (events, logs, analysis thereof) 

  Since these are not new problems. there exist many approaches and
  products focused on addressing them. However, these tend to have the
  following weaknesses:

    * Focus on solving identity management across the enterprise has meant
      less focus on policy and audit.
    * Vendor focus on Web identity management problems has meant less well
      developed solutions for central management of the Linux and Unix
      world's vital security info. Organizations are forced to maintain
      a hodgepodge of internal and proprietary solutions at high TCO.
    * Proprietary security products don't easily provide access to the
      vital security information they collect or manage. This makes it
      difficult to synchronize and analyze effectively. 

  The Latest Version
  ------------------

  Details of the latest version can be found on the IPA server project
  page under <http://www.freeipa.org/>.

  Documentation
  -------------

  The most up-to-date documentation can be found at
  <http://freeipa.org/page/Documentation/>.

  Licensing
  ---------

  Please see the file called LICENSE.

  Contacts
  --------

     * If you want to be informed about new code releases, bug fixes,
       security fixes, general news and information about the IPA server
       subscribe to the freeipa-announce mailing list at
       <https://www.redhat.com/mailman/listinfo/freeipa-interest/>.

     * If you have a bug report please submit it at:
       <https://bugzilla.redhat.com>

     * If you want to participate in actively developing IPA please
       subscribe to the freeipa-devel mailing list at
       <https://www.redhat.com/mailman/listinfo/freeipa-devel/> or join
       us in IRC at irc://irc.freenode.net/freeipa