Bug 887675
Summary: | realmd does now support "permit" options for groups. | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | William Brown <william> |
Component: | realmd | Assignee: | Stef Walter <stefw> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | unspecified | ||
Version: | 18 | CC: | dpal, jhrozek, stefw, yaneti |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | realmd-0.13.91-1.fc19 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-05-22 03:15:16 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
William Brown
2012-12-17 00:14:22 UTC
I guess this is the limitation of the realmd. SSSD supports groups in the simple access provider as well as users. Please see all the man pages for sssd-simple. What happens above is that "Domain Admins" is treated as a user. May be realmd should support another argument? realm permit user "foo" realm permit group "Domain Admins" Yes it pr(In reply to comment #1) > I guess this is the limitation of the realmd. SSSD supports groups in the > simple access provider as well as users. Please see all the man pages for > sssd-simple. What happens above is that "Domain Admins" is treated as a user. > > May be realmd should support another argument? Yes it probably should. Or we should resolve the user/group on the fly and add it to the appropriate sssd-simple list. Don't resolve the group on the fly. What if I have a user and group with the same name, but mean different things? The "realm permit [user|group]" syntax is probably the better option, as it is explicit to the user what their action will result in. Good point. I'm also not super happy with 'permit' 'deny' as it's not clear that they refer to logins. Will try to come up with a syntax that fixes both problems... (In reply to comment #4) > Good point. I'm also not super happy with 'permit' 'deny' as it's not clear > that they refer to logins. Will try to come up with a syntax that fixes both > problems... Is there anything new about group logins? This is prefefred feature for low system administration footprint in large domain environments. realmd-0.13.91-1.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/realmd-0.13.91-1.fc19 Package realmd-0.13.91-1.fc19: * should fix your issue, * was pushed to the Fedora 19 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing realmd-0.13.91-1.fc19' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-7345/realmd-0.13.91-1.fc19 then log in and leave karma (feedback). realmd-0.13.91-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report. |