Bug 588412 - Need list of services for hbac
Summary: Need list of services for hbac
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: freeIPA
Classification: Retired
Component: Documentation
Version: 2.0
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Sumit Bose
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-05-03 17:07 UTC by Rob Crittenden
Modified: 2015-01-04 23:42 UTC (History)
5 users (show)

Fixed In Version: freeipa-2.0.0-1.fc15
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-03-28 11:21:34 UTC
Embargoed:

Attachments (Terms of Use)

Description Rob Crittenden 2010-05-03 17:07:35 UTC 
Description of problem:

HBAC can be configured to allow/deny specific services. A list of those services is needed.
Comment 1 Rob Crittenden 2010-05-03 17:08:41 UTC 
Sumit, can you provide the list of services for HBAC, or the mechanism that sssd uses to determine the requested service?
Comment 2 Sumit Bose 2010-05-03 20:00:39 UTC 
The service is compared to the string that is returned by
pam_get_item(pam_handle, PAM_SERVICE, &item) which is the same as the service name in the PAM configuration in /etc/pam.d/. So the filenames in /etc/pam.d are the service names. Please note that there are services which can have multiple service name, like e.g. su and su-l.
Comment 3 Rob Crittenden 2010-09-27 18:31:42 UTC 
Sumit, here are those that I picked: sssd, ftp, su, login, su-l, sudo and sudo-i.

Is this is enough to start with?
Comment 4 Sumit Bose 2010-09-27 20:27:29 UTC 
I think you mean sshd instead of sssd. Maybe adding gdm and/or gdm-password would make sense. The KDE folks would like kdm, too.
Comment 5 Dmitri Pal 2010-09-27 21:58:49 UTC 
https://fedorahosted.org/freeipa/ticket/307
Comment 6 Rob Crittenden 2010-11-03 15:51:41 UTC 
Ok, adding all three.
Comment 7 Rob Crittenden 2010-11-08 21:09:01 UTC 
master: d76ead6ccea2b41d3cb603124860fb3f84d8e1cc
Note You need to log in before you can comment on or make changes to this bug.