Re: [SSSD] [PATCH] allowed_shells: using wildcard for any shell
by Denis Kutin
> On 01/30/2014 05:35 AM, Denis Kutin wrote:
> > Dear friends,
> >
> > Using sssd, for a long time, I have come across with a problem
> > recently, which I would like to solve with your help.
> >
> > I provide centralized authentication and authorization service for a
> > huge heterogeneous network. And in my case it would be "nice and easy"
> > if sssd used only shells(5). I believe this mechanism is sufficient
> > for identification of an allowed shell.
> >
> > I take a liberty to offer you this tiny patch, which will let use
> > wildcard (*) in param allowed_shells in sssd.conf
> >
> > What do you think about it?
> >
> > --
> > Denis Kutin
> >
>
>
> Thanks for the patch.
> But let us start from the beginning. I see the problem that you want to
> solve so please file ticket so that we can track it for future.
>
> I am not an expert in the code but:
> 1) The check is inside the loop, it probably should be outside the loop
> (not sure)
> 2) Debug message should be different because we want to differentiate
> from allowed but does not exist.
> 3) We are saying that we are using user shall but actually returning
> shall_fallback, is that right?
>
> --
> be Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager for IdM portfolio
> Red Hat Inc.
>
>
> -------------------------------
> Looking to carve out IT costs?
> www.redhat.com/carveoutcosts/
>
>
created:
https://fedorahosted.org/sssd/ticket/2219
1) Well, I also was confused. But it seems not necessary, because in loop
we check all shells in allowed_shell and if one (i assume it's the only
one) will be '*' - we got what we need.
2) But.. we already have it
DEBUG(5, ("The shell '%s' is allowed but does not exist. "
"Using fallback\n", user_shell));
3) Not exactly, we're using shell_fallback and saying it
--
Denis Kutin
9 years, 10 months
- 1
- 0