Bug 591136
| Field | Value | Field | Value |
|---|---|---|---|
| Summary | Change SSSD ipa BE to handle new structure of the HBAC rule | | |
| Product | Red Hat Enterprise Linux 6 | Reporter | Dmitri Pal <dpal> |
| Component | sssd | Assignee | Stephen Gallagher <sgallagh> |
| Status | CLOSED CURRENTRELEASE | QA Contact | Chandrasekar Kannan <ckannan> |
| Severity | medium | Priority | low |
| Version | 6.0 | CC | benl, jgalipea, sbose, syeghiay |
| Target Milestone | rc | Hardware | All |
| OS | Linux | Doc Type | Bug Fix |
| Fixed In Version | sssd-1.2.0-12.el6 | Last Closed | 2010-11-10 21:39:38 UTC |
| Bug Blocks | 579775 | | |

Description
Dmitri Pal
2010-05-11 14:17:56 UTC
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux major release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Major release. This request is not yet committed for inclusion.

Can you please add steps to reproduce this and note where this is documented - man page? As per https://fedorahosted.org/sssd/ticket/475 Thanks!

Recent versions of the IPA server support service groups for HBAC rules. Previously only one service or all services were allowed in a HBAC rule. On the server side the 'ipa hbacsvc' command family can be used to create an object for a single service and the 'ipa hbacsvcgroup' family to put multiple services into a group. The default server installation already creates service objects for widely used services like sssd, su, su-l, sudo. On the client side all of the related changes are completely transparent and do not need any special configuration.

verified:

On IPA server:
* created hbac service group
* added sshd and su services to service group
* added new rule added service group, allowed memberhosts, sourcehosts, and allowed users

On IPA client (memberhost and sourcehost):
As allowed user could both sshd to memberHosts from sourceHosts and su on both memberHosts.

sssd version: sssd-1.2.1-27.el6.i686
ipa-server version: ipa-server-1.91-0.2010080617git830910d.fc12.i686

Red Hat Enterprise Linux 6.0 is now available and should resolve the problem described in this bug report. This report is therefore being closed with a resolution of CURRENTRELEASE. You may reopen this bug report if the solution does not work for you.
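
A simplified model of how a rule that references a service group is evaluated, mirroring the verification steps in this report. It is an added example, not SSSD or IPA code; the rule fields, group name, user and host names are constructed assumptions, and only allow rules are modelled.

```python
# Simplified model of HBAC evaluation with service groups (added example,
# not SSSD or IPA code). All names and sample data are constructed.
from dataclasses import dataclass, field


@dataclass
class HbacRule:
    name: str
    users: set = field(default_factory=set)
    target_hosts: set = field(default_factory=set)
    source_hosts: set = field(default_factory=set)
    services: set = field(default_factory=set)        # single service objects
    service_groups: set = field(default_factory=set)  # names of service groups
    enabled: bool = True


def expand_services(rule, groups):
    """Union of directly listed services and members of referenced groups.
    A group name missing from `groups` contributes nothing (fail closed)."""
    allowed = set(rule.services)
    for group_name in rule.service_groups:
        allowed |= groups.get(group_name, set())
    return allowed


def is_allowed(rules, groups, user, service, target, source):
    """Default deny: access is granted only if some enabled rule matches
    every element of the request."""
    for rule in rules:
        if (rule.enabled and user in rule.users
                and target in rule.target_hosts
                and source in rule.source_hosts
                and service in expand_services(rule, groups)):
            return True
    return False


# Constructed data mirroring the verification: one group holding sshd and su.
GROUPS = {"remote-login": {"sshd", "su"}}
RULES = [HbacRule("allow-remote-login", users={"alice"},
                  target_hosts={"client1.example.com"},
                  source_hosts={"client2.example.com"},
                  service_groups={"remote-login"})]

if __name__ == "__main__":
    for svc in ("sshd", "su", "sudo"):
        print(svc, is_allowed(RULES, GROUPS, "alice", svc,
                              "client1.example.com", "client2.example.com"))
```

A service outside the group (sudo here) is denied even though the user and hosts match, which is the negative case worth checking alongside the positive ones when verifying a rule.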