authorJakub Hrozek <jhrozek@redhat.com>2014-01-02 17:23:08 +0100
committerJakub Hrozek <jhrozek@redhat.com>2014-06-03 13:35:12 +0200
commitdc8e542f5e9b2cc6373af94e27a0ce26a220edef (patch)
tree10e8e3198ee03ca2f7ade47c9c3c5852546ff5e0 /src/config
parent6ad198aad0406bf6649540ff99c699cdc3f5f3b7 (diff)
IFP: Per-attribute ACL for users
Introduces a new option called user_attributes that specifies which user attributes may be queried from the IFP responder. By default only the default POSIX set is allowed; this option allows either adding other attributes (+attrname) or removing them from the default set (-attrname). Reviewed-by: Pavel Březina <pbrezina@redhat.com> (cherry picked from commit 770dc892f867639f36f84455d65be6287935a529)
Diffstat (limited to 'src/config')
-rw-r--r--src/config/SSSDConfig/__init__.py.in1
-rw-r--r--src/config/etc/sssd.api.conf1
2 files changed, 2 insertions, 0 deletions
diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
index 7070b88a1..a4a5770db 100644
--- a/src/config/SSSDConfig/__init__.py.in
+++ b/src/config/SSSDConfig/__init__.py.in
@@ -96,6 +96,7 @@ option_strings = {
# [ifp]
'allowed_uids': _('List of UIDs or user names allowed to access the InfoPipe responder'),
+ 'user_attributes': _('List of user attributes the InfoPipe is allowed to publish'),
# [provider]
'id_provider' : _('Identity provider'),
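Review bot: The help text added for `user_attributes` reads as if the value were the complete list of published attributes, while the commit description says it modifies a default POSIX set through `+attrname` and `-attrname` entries. Because this option acts as an access-control list for what the InfoPipe exposes, the string should state the add/remove semantics, for example `'user_attributes': _('List of user attributes to add to (+attr) or remove from (-attr) the default set the InfoPipe may publish'),`. The `option_strings` dict begins and ends outside this hunk.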
diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf
index d6f2d6b45..85253aad5 100644
--- a/src/config/etc/sssd.api.conf
+++ b/src/config/etc/sssd.api.conf
@@ -71,6 +71,7 @@ ssh_known_hosts_timeout = int, None, false
[pac]
# PAC responder
allowed_uids = str, None, false
+user_attributes = str, None, false
[ifp]
# InfoPipe responder
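Review bot: The new `user_attributes = str, None, false` line lands directly after `allowed_uids` in the `[pac]` section and before the `[ifp]` header, so the schema declares it as a PAC responder option rather than an InfoPipe one. The commit description and the `# [ifp]` grouping in `__init__.py.in` both place the option under IFP. Anything that validates a configuration against this file would presumably reject or ignore `user_attributes` set under `[ifp]`, which makes it harder for an administrator to narrow the attribute ACL through the config API. Move the line below the `[ifp]` header, next to that section's own entries, which lie outside this hunk.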