> First question I have is that the URLs only match on complete string > match. From past conversations I thought we wanted to add a more > granular evaluation..?
I am planning to interpret URI as a prefix. However, there might be problem getting enough granularity because FreeIPA has dropped DENY rules: it will be hard to get some behaviors, e.g. "Allow access to hostname/* but not to hostname/admin/*". I do not know yet how to solve this. But first things first, I want to make the whole concept work and then make in more complicated. In this phase, I need to either enhance Infopipe or PAM responder so I can have the first working iteration. At this point, I don't even have a good way to test changes - although SSSD gets URI from FreeIPA, it isn't capable of receiving requests containing URI. _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
