PAM: Add application services

Related to: https://pagure.io/SSSD/sssd/issue/3310 Adds a new PAM responder option 'pam_app_services'. This option can hold a list of PAM services that are allowed to contact the application non-POSIX domains. These services are NOT allowed to contact any of the POSIX domains. Reviewed-by: Sumit Bose <sbose@redhat.com>
author: Jakub Hrozek <jhrozek@redhat.com> 2017-03-26 18:28:41 +0200
committer: Jakub Hrozek <jhrozek@redhat.com> 2017-03-30 14:09:52 +0200
commit: 3e789aa0bd6b7bb6e62f91458b76753498030fb5 (patch)
tree: d8c01ead785cc60ac9360cc8a49d91147acaa5ef /src/config/cfg_rules.ini
parent: 57eeec5d735c7a3bbe58299fded97414626d85f1 (diff)
download: sssd-3e789aa0bd6b7bb6e62f91458b76753498030fb5.tar.gz
sssd-3e789aa0bd6b7bb6e62f91458b76753498030fb5.tar.xz
sssd-3e789aa0bd6b7bb6e62f91458b76753498030fb5.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini
index 8fd2d2c52..1a749db75 100644
--- a/src/config/cfg_rules.ini
+++ b/src/config/cfg_rules.ini
@@ -119,6 +119,7 @@ option = pam_account_locked_message
 option = pam_cert_auth
 option = pam_cert_db_path
 option = p11_child_timeout
+option = pam_app_services
 
 [rule/allowed_sudo_options]
 validator = ini_allowed_options
author	Jakub Hrozek <jhrozek@redhat.com>	2017-03-26 18:28:41 +0200
committer	Jakub Hrozek <jhrozek@redhat.com>	2017-03-30 14:09:52 +0200
commit	3e789aa0bd6b7bb6e62f91458b76753498030fb5 (patch)
tree	d8c01ead785cc60ac9360cc8a49d91147acaa5ef /src/config/cfg_rules.ini
parent	57eeec5d735c7a3bbe58299fded97414626d85f1 (diff)
download	sssd-3e789aa0bd6b7bb6e62f91458b76753498030fb5.tar.gz sssd-3e789aa0bd6b7bb6e62f91458b76753498030fb5.tar.xz sssd-3e789aa0bd6b7bb6e62f91458b76753498030fb5.zip