Bug 61858

Summary: Support for managed option
Product: realmd Reporter: Stef Walter <stefw>
Component: GeneralAssignee: Stef Walter <stefw>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: medium CC: stefw, yelley
Version: unspecified   
Hardware: Other   
OS: All   
Whiteboard:
i915 platform: i915 features:
Bug Depends on:    
Bug Blocks: 61223    
Attachments: Add 'manage-system' option which defaults to TRUE
Add 'manage-system' option which defaults to TRUE
Use allow-realm-logins by default if manage-system
Use allow-realm-logins by default if manage-system

Description Stef Walter 2013-03-05 13:24:01 UTC 
Over time it has become clear that realmd should have support for configuring the local machine to respect all aspects of the domain policy and configuration.

This leads to the concept of having a 'domain-policy=false' option to the Join() command. This would tell realmd to only configure the identity services, rather than the entire kit and caboodle (such as SSH services, future GPO, and so on). 

This option would be called by gnome-control-center, because as designed there, the user simply wants to use specific enterprise logins, and not necessarily make the machine a part of the domain in all aspects.

This also helps refine the concepts of whether we support multiple domains. Only one domain can provide policy in any case.
Comment 1 Stef Walter 2013-03-22 14:51:05 UTC 
This should be 'managed=false'
Comment 2 Stef Walter 2013-04-12 17:01:45 UTC 
Created attachment 77904 [details] [review]
Add 'manage-system' option which defaults to TRUE

This is a per-realm setting, and Join() option which can be used
to make realmd not configure central management aspects when
joining a domain.
Comment 3 Stef Walter 2013-04-12 19:01:19 UTC 
Created attachment 77907 [details] [review]
Add 'manage-system' option which defaults to TRUE

This is a per-realm setting, and Join() option which can be used
to make realmd not configure central management aspects when
joining a domain.
Comment 4 Stef Walter 2013-04-12 19:01:23 UTC 
Created attachment 77908 [details] [review]
Use allow-realm-logins by default if manage-system

When manage-system is false, use allow-permitted-logins as the
default login policy, otherwise allow-realm-logins
Comment 5 Stef Walter 2013-04-12 19:01:55 UTC 
Yassir, this is ready for review.
Comment 6 Stef Walter 2013-04-25 09:13:11 UTC 
Created attachment 78452 [details] [review]
Use allow-realm-logins by default if manage-system

Rebased patch for earlier changes...
Comment 7 Stef Walter 2013-04-26 16:29:43 UTC 
Attachment 77907 [details] pushed as f80a3b0 - Add 'manage-system' option which defaults to TRUE
Attachment 78452 [details] pushed as ac73d7d - Use allow-realm-logins by default if manage-system

Pushed to master, to take part in the upcoming Fedora test day. This is really investmetn
in future realmd infrastructure. Reviewed the code again.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.