Currently there is not ACI denying access to ipaNTHash as for other password attributes. ipaNTHash should be protected in the same way by new installs and updated installations
I'll take this
I can take this ticket, I will touch global ACIs in a scope of #2511 anyway.
attachment freeipa-mkosek-278-remove-ipanthash-from-global-allow-aci.patch
Patch freeipa-mkosek-278-remove-ipanthash-from-global-allow-aci.patch sent for review
master: 32ef4ef
Rename "trusts" component to "Trusts" to achieve correct sorting.
Metadata Update from @sbose: - Issue assigned to mkosek - Issue set to the milestone: FreeIPA 3.0 Beta 1
Login to comment on this ticket.