mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
2ed5eca762
When 'ipa krbtpolicy-reset' is called, we need to reset all policy settings, including per-indicator ones. Per-indicator policy uses subtyped attributes (foo;bar), the current krbtpolicy-reset code does not deal with those. Add support for per-indicator policy reset. It is a bit tricky, as we need to drop the values to defaults but avoid adding non-per-indicator variants of the same attributes. Add test to check that policy has been resetted by observing a new Kerberos TGT for the user after its policy reset. Fixes: https://pagure.io/freeipa/issue/8153 Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com>