b584ffa Add ACIs for Dogtag custodia client

1 file Authored by ftweedal 7 years ago, Committed by jcholast 7 years ago,
    Add ACIs for Dogtag custodia client
    
    The "dogtag/$HOSTNAME@$REALM" service principal uses Custodia to
    retrieve lightweight CA signing keys, and therefore needs search and
    read access to Custodia keys.  Add an ACI to permit this.
    
    Also add ACIs to allow host principals to manage Dogtag custodia
    keys for the same host.
    
    Part of: https://fedorahosted.org/freeipa/ticket/4559
    
    Reviewed-By: Jan Cholasta <jcholast@redhat.com>