Restrict access to totpSeed

author Tollef Fog Heen <tfheen@err.no>

Tue, 23 Jul 2019 19:43:42 +0000 (21:43 +0200)

committer Tollef Fog Heen <tfheen@err.no>

Tue, 23 Jul 2019 19:43:42 +0000 (21:43 +0200)
author Tollef Fog Heen <tfheen@err.no>
Tue, 23 Jul 2019 19:43:42 +0000 (21:43 +0200)
committer Tollef Fog Heen <tfheen@err.no>
Tue, 23 Jul 2019 19:43:42 +0000 (21:43 +0200)
diff --git a/userdir-ldap-slapd.conf.in b/userdir-ldap-slapd.conf.in

index eca64fd..be4988c 100644 (file)
--- a/userdir-ldap-slapd.conf.in
+++ b/userdir-ldap-slapd.conf.in
@@ -67,6 +67,10 @@ access to attrs=c,l,loginShell,ircNick,labeledURI,icqUIN,jabberJID,onVacation,bi
  access to attrs=userPassword,sudoPassword,webPassword,rtcPassword,bATVToken
         by * compare
  
  access to attrs=userPassword,sudoPassword,webPassword,rtcPassword,bATVToken
         by * compare
  
+# inaccessible to everybody
+access to attrs=totpSeed
+       by * none
+
  # readable only by self
  access to attrs=sshrsaauthkey
         by self read
  # readable only by self
  access to attrs=sshrsaauthkey
         by self read
author	Tollef Fog Heen <tfheen@err.no>
	Tue, 23 Jul 2019 19:43:42 +0000 (21:43 +0200)
committer	Tollef Fog Heen <tfheen@err.no>
	Tue, 23 Jul 2019 19:43:42 +0000 (21:43 +0200)