On Tue, 2015-01-13 at 18:58 +0100, Pavel Reichl wrote: > Hello, > > please see simple patch attached. > > Thanks! Nack. First, what exactly is this service doing? I don't think we would want to map it to ServiceLogonRight. That's intended for granting access to the machine from a service (as opposed to a human user). Looking at it, this PAM stack (systemd-user) is called whenever the system invokes starts a session instance of systemd. It seems to me, this really belongs added to the list of default options for ad_gpo_map_permit to always allow access (since this has to be allowed for system functionality to work properly). Also, please update the manpages to match, since they specifically list all of the default values.
signature.asc
Description: This is a digitally signed message part
_______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-devel