| Summary: | Tweak login policy constants to handle IPA HBAC | ||
|---|---|---|---|
| Product: | realmd | Reporter: | Stef Walter <stefw> |
| Component: | General | Assignee: | Stef Walter <stefw> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | normal | ||
| Priority: | medium | CC: | jhrozek, stefw, yelley |
| Version: | unspecified | ||
| Hardware: | Other | ||
| OS: | All | ||
| Whiteboard: | |||
| i915 platform: | i915 features: | ||
| Bug Depends on: | 55041 | ||
| Bug Blocks: | 56023, 62518 | ||
| Attachments: | Support realm login policy | ||
|
Description
Stef Walter
2013-02-11 07:00:15 UTC
Created attachment 77049 [details] [review] Support realm login policy Yassir, is this something you have time review? Comment on attachment 77049 [details] [review] Support realm login policy Review of attachment 77049 [details] [review]: ----------------------------------------------------------------- ::: service/realm-sssd-ad.c @@ +229,4 @@ > > "id_provider", "ad", > "auth_provider", "ad", > + "access_provider", "ad", Just a word of warning -- The AD access control provider checks if the account is expired. It has the same effect as the following configuration of the LDAP provider: access_provider = ldap ldap_access_order = expire ldap_account_expire_policy = ad The IPA changes look good to me. (In reply to comment #3) > > + "access_provider", "ad", > > Just a word of warning -- The AD access control provider checks if the > account is expired. Good. I think that's what would be expected. To follow the login policy of the domain in this case. Attachment 77049 [details] pushed as cf1602d - Support realm login policy
|
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.