On 01/29/2016 10:41 AM, Lukas Slebodnik wrote:
On (28/01/16 20:29), Nikolai Kondrashov wrote:
On 01/28/2016 12:24 PM, Lukas Slebodnik wrote:
On (27/01/16 16:30), Nikolai Kondrashov wrote:
On 01/27/2016 04:17 PM, Lukas Slebodnik wrote:
You mention many options which could possibly be passed to tlog.
e.g.
     TLOG_REC_CONF='{
         "shell":    "/bin/bash",
         "warning":  "WARNING! Your session is being recorded!\n",
         "latency":  10,
         "writer":   "syslog",
         "syslog": {
             "facility": "authpriv",
             "level":    "info"
         }
     }'

Where will these options be stored? In LDAP?

No idea yet. Some of them definitely will, but likely not all.

In this case I would prefer to have the simplest possible change
in sssd. https://fedorahosted.org/sssd/ticket/2893

SSSD should just enforce using tlog as a shell and provide
name of profile. This profile will be used by tlog to download
configuration (json) from webservice.
A similar approach was discussed with IPA integration with GNOME.
IIRC there is already POC; Alexander might know more.

I think I understand the idea and perhaps storing configuration on a
webservice is fine. However, aren't we forgoing all the management
functionality LDAP provides by putting the configuration on a webservice?

I mean per-user, per-group, per-host, per-whatever configuration? Wouldn't
that require reimplementing them in that webservice? I don't really know much
about how that operates, and maybe that's fine, though.

Actually it would be a huge simplification.
You will have many profiles/configurations available via the webservice;
users and groups will have just the name of a profile/configuration stored in LDAP.
So sssd would provide names of profiles instead of complicated structured
configuration in text (json, yaml, xml ...)

As I mentioned earlier, such an approach was discussed with the GNOME team and
integration with FreeIPA/sssd. Alexander Bokovoy might know more
details. Maybe it will be described in his FOSDEM presentation.

tlog can be a different use-case, but it is still worth considering such an approach.
Especially if we could reuse existing code/projects from GNOME.

Alright, perhaps. I'll try to talk to Alexander when I have a chance and we
can discuss this further on our tlog integration meeting, which we're trying
to schedule.

Nick