freeipa/ipalib
Petr Vobornik 59ee6314af keytab manipulation permission management
Adds new API:
  ipa host-allow-retrieve-keytab HOSTNAME --users=STR --groups STR
  ipa host-disallow-retrieve-keytab HOSTNAME --users=STR --groups STR
  ipa host-allow-create-keytab HOSTNAME --users=STR --groups STR
  ipa host-disallow-create-keytab HOSTNAME --users=STR --groups STR

  ipa service-allow-retrieve-keytab PRINCIPAL --users=STR --groups STR
  ipa service-disallow-retrieve-keytab PRINCIPAL --users=STR --groups STR
  ipa service-allow-create-keytab PRINCIPAL --users=STR --groups STR
  ipa service-disallow-create-keytab PRINCIPAL --users=STR --groups STR

These methods add or remove user or group DNs in `ipaallowedtoperform` attr with
`read_keys` and `write_keys` subtypes.

service|host-mod|show outputs these attrs only with --all option as:

  Users allowed to retrieve keytab: user1
  Groups allowed to retrieve keytab: group1
  Users allowed to create keytab: user1
  Groups allowed to create keytab: group1

Adding of object class is implemented as a reusable method since this code is
used in many places and most likely will also be used in new features. Older
code may be refactored later.

https://fedorahosted.org/freeipa/ticket/4419

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2014-10-17 14:11:35 +02:00
..
plugins keytab manipulation permission management 2014-10-17 14:11:35 +02:00
__init__.py ipalib.frontend: Do API version check before converting arguments 2014-06-13 14:15:06 +02:00
aci.py ipalib.aci: Fix bugs in comparison 2014-06-04 10:10:08 +02:00
backend.py JSON client: Log pretty-printed request and response with -vv or above 2014-09-24 13:57:56 +02:00
base.py Allow indexing API object types by class 2014-03-25 14:18:12 +01:00
capabilities.py dns_name_values capability added 2014-06-03 15:55:32 +02:00
certstore.py Add certificate store module ipalib.certstore. 2014-07-30 16:04:21 +02:00
cli.py CLI conversion of DNSName type 2014-06-03 15:55:32 +02:00
config.py Test and docstring fixes 2014-06-23 10:54:42 +02:00
constants.py idviews: Support specifying object names instead of raw anchors only 2014-09-30 10:42:06 +02:00
crud.py Add optional_create flag 2013-10-08 16:46:20 +02:00
errors.py ipaserver/dcerpc.py: Make sure trust is established only to forest root domain 2014-09-01 08:42:52 +02:00
frontend.py ipalib.frontend: Do API version check before converting arguments 2014-06-13 14:15:06 +02:00
krb_utils.py Pylint cleanup. 2013-01-29 15:39:49 +01:00
messages.py Deprecation of --name-server and --ip-address option in DNS 2014-09-25 16:38:02 +02:00
output.py Allow primary keys to use different type than unicode. 2014-04-18 14:59:20 +02:00
parameters.py Check normalization only for IDNA domains 2014-07-01 09:58:42 +02:00
pkcs10.py Support requests with SAN in cert-request. 2014-06-24 12:10:01 +02:00
plugable.py Add version and API version 2014-06-09 16:27:41 +02:00
request.py Remove deprecated i18n code from ipalib/request and all references to it. 2011-03-01 10:31:36 -05:00
rpc.py Introduce NSS database /etc/ipa/nssdb 2014-09-30 10:01:38 +02:00
session.py ipaplatform: Move all filesystem paths to ipaplatform.paths module 2014-06-16 19:48:20 +02:00
text.py Add ConcatenatedLazyText object 2013-11-21 10:34:25 +01:00
util.py DNS: autofill admin email 2014-09-25 16:38:02 +02:00
x509.py Check LDAP instead of local configuration to see if IPA CA is enabled 2014-10-17 12:53:11 +02:00