http://www.freeipa.org/page/V4/URI-based_HBAC
I have made some important changes to the design document of this
proposed feature. The difference is mainly changing regular expression
interpretation of URI to longest-prefix matching.
This change was done mainly because of upstream's reactions. I v
I created a design page for the feature:
http://www.freeipa.org/page/URI-based-HBAC-design
--
Lukas Hellebrandt
Associate Quality Engineer
lhell...@redhat.com
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/
Hi, FreeIPA and SSSD communities!
I am working on adding URI to HBAC as my thesis [1]. The goal is to
control access not only based on (user, host, service), but on (user,
host, service, resource's URI).
I created a patch for FreeIPA [2] so it is capable of storing URI as
part of HBAC rule. I cre
On 02/29/2016 12:44 PM, Jakub Hrozek wrote:
> On Mon, Feb 29, 2016 at 11:50:06AM +0100, Lukáš Hellebrandt wrote:
>> On 02/28/2016 11:42 AM, Jakub Hrozek wrote:
>>> On Fri, Feb 26, 2016 at 02:03:37PM +0100, Lukáš Hellebrandt wrote:
>>>>> First question I have is tha
On 02/28/2016 11:42 AM, Jakub Hrozek wrote:
> On Fri, Feb 26, 2016 at 02:03:37PM +0100, Lukáš Hellebrandt wrote:
>>> First question I have is that the URLs only match on complete string
>>> match. From past conversations I thought we wanted to add a more
>>> gra
>>
>> Btw, is there some better place to share patches than a pasting tool?
>> Maybe some form of pull request?
>
> You can clone SSSD on github and publish a branch in your clone
> https://github.com/SSSD/sssd
>
https://github.com/lhellebr/sssd/commits/url_in_hbac
> First question I have is that the URLs only match on complete string
> match. From past conversations I thought we wanted to add a more
> granular evaluation..?
I am planning to interpret URI as a prefix. However, there might be
problem getting enough granularity because FreeIPA has dropped DENY
Hi, FreeIPA and SSSD communities!
I am working on adding URI to HBAC as my thesis [1]. The goal is to
control access not only based on (user, host, service), but on (user,
host, service, resource's URI).
I created a patch for FreeIPA [2] so it is capable of storing URI as
part of HBAC rule. I cre