From 770dc892f867639f36f84455d65be6287935a529 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek
Date: Thu, 2 Jan 2014 17:23:08 +0100
Subject: IFP: Per-attribute ACL for users
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Introduces a new option called user_attributes that allows to specify which user attributes are allowed to be queried from the IFP responder. By default only the default POSIX set is allowed, this option allows to either add other attributes (+attrname) or remove them from the default set (-attrname).
Reviewed-by: Pavel Březina
---
 src/config/SSSDConfig/__init__.py.in | 1 +
 src/config/etc/sssd.api.conf | 1 +
 2 files changed, 2 insertions(+)
(limited to 'src/config')
diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
index 3e5bbe9a8..e221eba27 100644
--- a/src/config/SSSDConfig/__init__.py.in
+++ b/src/config/SSSDConfig/__init__.py.in
@@ -97,6 +97,7 @@ option_strings = {
 # [ifp]
 'allowed_uids': _('List of UIDs or user names allowed to access the InfoPipe responder'),
+ 'user_attributes': _('List of user attributes the InfoPipe is allowed to publish'),
 # [provider]
 'id_provider' : _('Identity provider'),
diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf
index a5cb62f45..c7c1232c3 100644
--- a/src/config/etc/sssd.api.conf
+++ b/src/config/etc/sssd.api.conf
@@ -70,6 +70,7 @@ ssh_known_hosts_timeout = int, None, false
 [pac]
 # PAC responder
 allowed_uids = str, None, false
+user_attributes = str, None, false
 [ifp]
 # InfoPipe responder
-- cgit
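Review bot: In the `src/config/etc/sssd.api.conf` hunk the added `user_attributes = str, None, false` line sits after the `allowed_uids` entry under `[pac]` and before the `[ifp]` header, so the schema declares the option for the PAC responder rather than the InfoPipe one. The commit message and the `# [ifp]` grouping in `__init__.py.in` both treat it as an InfoPipe option, so the line presumably belongs inside `[ifp]`, whose body lies past the end of this hunk. As placed, anything that validates sssd.conf against this schema would likely accept `user_attributes` in `[pac]` and reject or ignore it in `[ifp]`. That matters because the option is the ACL for which user attributes the responder discloses. Once the line is moved, a comment above it such as `# +attr adds to, -attr removes from the default POSIX attribute set` would record the syntax the commit message describes.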