Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
Bug 588412 - Need list of services for hbac
Need list of services for hbac
Product: freeIPA
Classification: Community
Component: Documentation (Show other bugs)
All Linux
low Severity medium
: ---
: ---
Assigned To: Sumit Bose
Chandrasekar Kannan
Depends On:
  Show dependency treegraph
Reported: 2010-05-03 13:07 EDT by Rob Crittenden
Modified: 2015-01-04 18:42 EST (History)
5 users (show)

See Also:
Fixed In Version: freeipa-2.0.0-1.fc15
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2012-03-28 07:21:34 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Rob Crittenden 2010-05-03 13:07:35 EDT
Description of problem:

HBAC can be configured to allow/deny specific services. A list of those services is needed.
Comment 1 Rob Crittenden 2010-05-03 13:08:41 EDT
Sumit, can you provide the list of services for HBAC, or the mechanism that sssd uses to determine the requested service?
Comment 2 Sumit Bose 2010-05-03 16:00:39 EDT
The service is compared to the string that is returned by
pam_get_item(pam_handle, PAM_SERVICE, &item) which is the same as the service name in the PAM configuration in /etc/pam.d/. So the filenames in /etc/pam.d are the service names. Please note that there are services which can have multiple service name, like e.g. su and su-l.
Comment 3 Rob Crittenden 2010-09-27 14:31:42 EDT
Sumit, here are those that I picked: sssd, ftp, su, login, su-l, sudo and sudo-i.

Is this is enough to start with?
Comment 4 Sumit Bose 2010-09-27 16:27:29 EDT
I think you mean sshd instead of sssd. Maybe adding gdm and/or gdm-password would make sense. The KDE folks would like kdm, too.
Comment 5 Dmitri Pal 2010-09-27 17:58:49 EDT
Comment 6 Rob Crittenden 2010-11-03 11:51:41 EDT
Ok, adding all three.
Comment 7 Rob Crittenden 2010-11-08 16:09:01 EST
master: d76ead6ccea2b41d3cb603124860fb3f84d8e1cc

Note You need to log in before you can comment on or make changes to this bug.