freeipa.git - FreeIPA project

diff options

author	Alexander Bokovoy <abokovoy@redhat.com>	2011-10-11 11:25:24 +0300
committer	Rob Crittenden <rcritten@redhat.com>	2011-10-10 17:09:22 -0400
commit	3e1c04f9333ac3f4333d5cf99579e85a44c9573b (patch)
tree	f4e707706ae2d43f2c3629f51c3088e080e44fb5 /ipa.1
parent	ff3d3c0ab376ead2d48513c18cdd82c86ccf1382 (diff)
download	freeipa-3e1c04f9333ac3f4333d5cf99579e85a44c9573b.tar.gz freeipa-3e1c04f9333ac3f4333d5cf99579e85a44c9573b.tar.xz freeipa-3e1c04f9333ac3f4333d5cf99579e85a44c9573b.zip

Include indirect membership and canonicalize hosts during HBAC rules testing

When users and hosts are included into groups indirectly, make sure that during HBAC test e fill in all indirect groups properly into an HBAC request. Also, if hosts provided for test are not specified fully, canonicalize them using IPA domain. This makes possible following requests: ipa hbactest --user foobar --srchost vm-101 --host vm-101 --service sshd Request to evaluate: <user <name foobar groups [hbacusers,ipausers]> service <name sshd groups []> targethost <name vm-101.ipa.local groups []> srchost <name vm-101.ipa.local groups []> > Fixes: https://fedorahosted.org/freeipa/ticket/1862 https://fedorahosted.org/freeipa/ticket/1949

Diffstat (limited to 'ipa.1')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: