On Fri, 2011-06-24 at 09:54 -0400, Stephen Gallagher wrote: > New patches attached with some significant changes. After much > discussion, we decided that, rather than implement a facility for > identifying "unresolved groups" for the user, we would instead perform > a > group lookup during the initial pull-down of the HBAC rules. This way, > we know that all groups that are relevant to HBAC rules are available > on > the system. So if a user is a member of a group that is not > resolvable, > we don't have to worry that it might match a DENY rule.
NACK New patches fail to take in account non-posix groups. Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel