Bug 61858 - Support for managed option
Support for managed option
Status: RESOLVED FIXED
Product: realmd
Classification: Unclassified
Component: General
unspecified
Other All
: medium normal
Assigned To: Stef Walter
:
Depends on:
Blocks: 61223
  Show dependency treegraph
 
Reported: 2013-03-05 13:24 UTC by Stef Walter
Modified: 2013-04-26 16:29 UTC (History)
2 users (show)

See Also:


Attachments
Add 'manage-system' option which defaults to TRUE (4.96 KB, patch)
2013-04-12 17:01 UTC, Stef Walter
Details | Splinter Review
Add 'manage-system' option which defaults to TRUE (4.96 KB, patch)
2013-04-12 19:01 UTC, Stef Walter
Details | Splinter Review
Use allow-realm-logins by default if manage-system (8.35 KB, patch)
2013-04-12 19:01 UTC, Stef Walter
Details | Splinter Review
Use allow-realm-logins by default if manage-system (8.34 KB, patch)
2013-04-25 09:13 UTC, Stef Walter
Details | Splinter Review

Note You need to log in before you can comment on or make changes to this bug.
Description Stef Walter 2013-03-05 13:24:01 UTC
Over time it has become clear that realmd should have support for configuring the local machine to respect all aspects of the domain policy and configuration.

This leads to the concept of having a 'domain-policy=false' option to the Join() command. This would tell realmd to only configure the identity services, rather than the entire kit and caboodle (such as SSH services, future GPO, and so on). 

This option would be called by gnome-control-center, because as designed there, the user simply wants to use specific enterprise logins, and not necessarily make the machine a part of the domain in all aspects.

This also helps refine the concepts of whether we support multiple domains. Only one domain can provide policy in any case.
Comment 1 Stef Walter 2013-03-22 14:51:05 UTC
This should be 'managed=false'
Comment 2 Stef Walter 2013-04-12 17:01:45 UTC
Created attachment 77904 [details] [review]
Add 'manage-system' option which defaults to TRUE

This is a per-realm setting, and Join() option which can be used
to make realmd not configure central management aspects when
joining a domain.
Comment 3 Stef Walter 2013-04-12 19:01:19 UTC
Created attachment 77907 [details] [review]
Add 'manage-system' option which defaults to TRUE

This is a per-realm setting, and Join() option which can be used
to make realmd not configure central management aspects when
joining a domain.
Comment 4 Stef Walter 2013-04-12 19:01:23 UTC
Created attachment 77908 [details] [review]
Use allow-realm-logins by default if manage-system

When manage-system is false, use allow-permitted-logins as the
default login policy, otherwise allow-realm-logins
Comment 5 Stef Walter 2013-04-12 19:01:55 UTC
Yassir, this is ready for review.
Comment 6 Stef Walter 2013-04-25 09:13:11 UTC
Created attachment 78452 [details] [review]
Use allow-realm-logins by default if manage-system

Rebased patch for earlier changes...
Comment 7 Stef Walter 2013-04-26 16:29:43 UTC
Attachment 77907 [details] pushed as f80a3b0 - Add 'manage-system' option which defaults to TRUE
Attachment 78452 [details] pushed as ac73d7d - Use allow-realm-logins by default if manage-system

Pushed to master, to take part in the upcoming Fedora test day. This is really investmetn
in future realmd infrastructure. Reviewed the code again.