Bug 588412 - Need list of services for hbac
Summary: Need list of services for hbac
Alias: None
Product: freeIPA
Classification: Retired
Component: Documentation
Version: 2.0
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Sumit Bose
QA Contact: Chandrasekar Kannan
Depends On:
TreeView+ depends on / blocked
Reported: 2010-05-03 17:07 UTC by Rob Crittenden
Modified: 2015-01-04 23:42 UTC (History)
5 users (show)

Fixed In Version: freeipa-2.0.0-1.fc15
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2012-03-28 11:21:34 UTC

Attachments (Terms of Use)

Description Rob Crittenden 2010-05-03 17:07:35 UTC
Description of problem:

HBAC can be configured to allow/deny specific services. A list of those services is needed.

Comment 1 Rob Crittenden 2010-05-03 17:08:41 UTC
Sumit, can you provide the list of services for HBAC, or the mechanism that sssd uses to determine the requested service?

Comment 2 Sumit Bose 2010-05-03 20:00:39 UTC
The service is compared to the string that is returned by
pam_get_item(pam_handle, PAM_SERVICE, &item) which is the same as the service name in the PAM configuration in /etc/pam.d/. So the filenames in /etc/pam.d are the service names. Please note that there are services which can have multiple service name, like e.g. su and su-l.

Comment 3 Rob Crittenden 2010-09-27 18:31:42 UTC
Sumit, here are those that I picked: sssd, ftp, su, login, su-l, sudo and sudo-i.

Is this is enough to start with?

Comment 4 Sumit Bose 2010-09-27 20:27:29 UTC
I think you mean sshd instead of sssd. Maybe adding gdm and/or gdm-password would make sense. The KDE folks would like kdm, too.

Comment 5 Dmitri Pal 2010-09-27 21:58:49 UTC

Comment 6 Rob Crittenden 2010-11-03 15:51:41 UTC
Ok, adding all three.

Comment 7 Rob Crittenden 2010-11-08 21:09:01 UTC
master: d76ead6ccea2b41d3cb603124860fb3f84d8e1cc

Note You need to log in before you can comment on or make changes to this bug.