On Tue, 2012-07-10 at 07:59 -0400, Simo Sorce wrote:
> On Mon, 2012-07-09 at 18:00 +0200, Sumit Bose wrote:
> > On Thu, Jul 05, 2012 at 03:05:37PM -0400, Simo Sorce wrote:
> > > On Thu, 2012-07-05 at 21:01 +0200, Sumit Bose wrote:
> > > > On Thu, Jul 05, 2012 at 01:30:02PM -0400, Simo Sorce wrote:
> > > > > On Thu, 2012-07-05 at 18:51 +0200, Sumit Bose wrote:
> > > > > > On Thu, Jul 05, 2012 at 09:12:16AM -0400, Simo Sorce wrote:
> > > > > > > On Thu, 2012-07-05 at 14:06 +0200, Sumit Bose wrote:
> > > > > > > > Hi,
> > > > > > > >
> > > > > > > > this patch added the checks requested in ticket #1382 to
> > > > > > > > the PAC responder. The check itself can be found in the
> > > > > > > > common responder code. It can be used by all responders,
> > > > > > > > but currently only the PAC responder uses it.
> > > > > > > >
> > > > > > > > I took a quite strict default here, i.e. only root is
> > > > > > > > allowed to access the PAC responder by default. Is this
> > > > > > > > too restrictive?
> > > > > > >
> > > > > > > Patch looks good, but I wonder why you do not allow
> > > > > > > specifying user names, a getpwnam() is not too expensive.
> > > > > >
> > > > > > yes, but I think this way is more robust because I expect
> > > > > > that someone will have some system accounts served by sssd,
> > > > > > see e.g. https://fedorahosted.org/sssd/ticket/1357 . But if
> > > > > > you prefer I can add a loop with getpwnam() at startup time.
> > > > >
> > > > > I think we can express the problems with using usernames in
> > > > > the man page.
> > > > >
> > > > > If this list is generated after the sssd_nss responder is
> > > > > started though, we should have no issues resolving any name
> > > > > even if sssd itself provides them (assuming you unset the env
> > > > > variable that prevents loops in the PAC responder).
> > > >
> > > > Ok, then I will change it to accept usernames. Shall it be
> > > > usernames only or usernames and UIDs (and if the second, what
> > > > about numerical usernames :-)
> > >
> > > Usernames and uids, a numeric only string is always a uid.
> >
> > ok, new version attached.
>
> Ack.
> Simo.

Pushed to master.
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/sssd-devel