From 6dff95bdfe437afc0b62b5270d0d84140981c786 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Mon, 16 Mar 2015 11:48:39 +0100 Subject: IPA: Remove the ipa_hbac_treat_deny_as option MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit https://fedorahosted.org/sssd/ticket/2603 Since deny rules are no longer supported on the server, the client should no longer support them either. Remove the option. Reviewed-by: Pavel Březina --- src/config/SSSDConfig/__init__.py.in | 1 - src/config/etc/sssd.api.d/sssd-ipa.conf | 1 - 2 files changed, 2 deletions(-) (limited to 'src/config') diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in index dbbffebf3..31c9c6480 100644 --- a/src/config/SSSDConfig/__init__.py.in +++ b/src/config/SSSDConfig/__init__.py.in @@ -160,7 +160,6 @@ option_strings = { 'ipa_hbac_search_base' : _("Search base for HBAC related objects"), 'ipa_hbac_refresh' : _("The amount of time between lookups of the HBAC rules against the IPA server"), 'ipa_selinux_refresh' : _("The amount of time in seconds between lookups of the SELinux maps against the IPA server"), - 'ipa_hbac_treat_deny_as' : _("If DENY rules are present, either DENY_ALL or IGNORE"), 'ipa_hbac_support_srchost' : _("If set to false, host argument given by PAM will be ignored"), 'ipa_automount_location' : _("The automounter location this IPA client is using"), 'ipa_master_domain_search_base': _("Search base for object containing info about IPA domain"), diff --git a/src/config/etc/sssd.api.d/sssd-ipa.conf b/src/config/etc/sssd.api.d/sssd-ipa.conf index 2a3b7ef15..230bdd7df 100644 --- a/src/config/etc/sssd.api.d/sssd-ipa.conf +++ b/src/config/etc/sssd.api.d/sssd-ipa.conf @@ -159,7 +159,6 @@ krb5_use_enterprise_principal = bool, None, false [provider/ipa/access] ipa_hbac_refresh = int, None, false ipa_selinux_refresh = int, None, false -ipa_hbac_treat_deny_as = str, None, false ipa_hbac_support_srchost = bool, None, false ipa_host_object_class = str, None, false ipa_host_name = str, None, false -- cgit