Issue #3016: Add ACI to allow adtrust agents to write to ipaNThash - freeipa

freeipa

#3016 Add ACI to allow adtrust agents to write to ipaNThash

Closed: Fixed None Opened 11 years ago by abbra.

Samba process needs to initiate re-generation of ipaNTHash attribute based on Kerberos key. This regeneration happens when ipaNTHash is replaced with a value of MagicRegen.

Unfortunately, default ACIs prevent adtrust agents group to modify ipaNTHash.

abbra commented 11 years ago

Patch is on the list and includes testing instructions: https://www.redhat.com/archives/freeipa-devel/2012-August/msg00227.html

abbra commented 11 years ago

Committed to master:155d1ef and 6171d0a

Committed to 3.0: 9cb3093 and c6e4ac7

dpal commented 11 years ago

Moving closed RC1 tickets to Beta 3.

Metadata Update from @abbra:
- Issue assigned to abbra
- Issue set to the milestone: FreeIPA 3.0 Beta 3

7 years ago

Metadata

Assignee

abbra

Tags

None

Blocking

None

Depending on

None

Priority

normal

Milestone

FreeIPA 3.0 Beta 3

None

affects_doc

None

source

None

knownissue

None

type

task

blockedby

None

test_case

None

component

IPA

blocking

None

on_review

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

rhbz

tester

None

changelog

None

design

None

freeipa

Source Code

#3016 Add ACI to allow adtrust agents to write to ipaNThash Closed: Fixed None Opened 11 years ago by abbra.

Metadata

#3016 Add ACI to allow adtrust agents to write to ipaNThash

Closed: Fixed None Opened 11 years ago by abbra.