#5487 Change permissions to manage keytab to use ipaProtectedOperation
Opened 8 years ago by simo. Modified 7 years ago

The new getkeytab interface uses ACIs based on the ipaProtectedoperation attribute.

The "Manage Host Keytab" Permission should be changed to also use the getkeytab operation in addition to the classic permission to write krbPrincipalKey, in order to allow new clients to use the getkeytab operation in preference.

Eventually we should drop support for setkeytab completely, but this is the first step to get there.


Metadata Update from @simo:
- Issue assigned to someone
- Issue set to the milestone: FreeIPA 4.5 backlog

7 years ago

Login to comment on this ticket.

Metadata