On 01/27/2016 06:12 PM, Jakub Hrozek wrote:
On Wed, Jan 27, 2016 at 05:28:25PM +0200, Nikolai Kondrashov wrote:
On 01/27/2016 04:44 PM, Jakub Hrozek wrote:
On Wed, Jan 27, 2016 at 03:59:10PM +0200, Nikolai Kondrashov wrote:
I guess some options would need to be configurable only globally, e.g. the
latency and maximum payload. Others might be per-machine (or distro), e.g.
the log target and options. And some definitely per-user, e.g. the shell.

For the start we can have only the shell configurable through sssd somehow and
leave the rest to local config files. We can add the rest later, but I'm
trying to prepare the tlog configuration interface for that.

Could the local overrides be a good way to configure the per-user
attributes since the infrastructure is already there?

If you mean using sss_override, then I'm not sure it will help. Although it is
likely I don't understand it well.

Pam_sss should still pass the original shell to tlog, likely supplied with
SSS_PAM_ENV_ITEM messages, as Sumit describes. However, if it was overridden,
where would we get it from? Plus, we'll still have to have custom code
which will send that SSS_PAM_ENV_ITEM message.

While this is something we definitely need to solve, the main question of this
thread was which way you'd like these environment variables to be encoded and
also if you'd like to push all the configuration through them or perhaps push
some of it through the configuration file.

Do you have any preference?

I was thinking we could push whether tlog is enabled at all for
this user or not via the local overrides.

Hmm, provided tlog configuration is always exported via pam_sss with the
actual shell (not the overridden one), this might work for the start. However,
eventually, when we implement centralized configuration, this will need to
change, if I understand correctly.

Nick
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org