[SSSD] Re: [PATCH] GPO: Add "unity" to ad_gpo_map_interactive
On May 6, 2016, at 6:55 AM, Lukas Slebodnik
<lslebodn(a)redhat.com> wrote:
> On (05/05/16 10:46), Stephen Gallagher wrote:
> Ubuntu systems use "unity" as their screen-locker. Without this in the
defaults,
> people often get locked out of their machines when the screen locks.
>
> Resolves:
> https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1578415
Patch is confirmed by reporter in launchpad
But they seems to have problem also with polkit-1
[sssd[be[INET.ACTIVARSAS.COM]]] [be_req_set_domain] (0x0400): Changing request domain
from [INET.ACTIVARSAS.COM] to [INET.ACTIVARSAS.COM]
[sssd[be[INET.ACTIVARSAS.COM]]] [be_pam_handler] (0x0100): Got request with the following
data
[sssd[be[INET.ACTIVARSAS.COM]]] [pam_print_data] (0x0100): command: SSS_PAM_ACCT_MGMT
[sssd[be[INET.ACTIVARSAS.COM]]] [pam_print_data] (0x0100): domain: INET.ACTIVARSAS.COM
[sssd[be[INET.ACTIVARSAS.COM]]] [pam_print_data] (0x0100): user: cvargasc
[sssd[be[INET.ACTIVARSAS.COM]]] [pam_print_data] (0x0100): service: polkit-1
[sssd[be[INET.ACTIVARSAS.COM]]] [pam_print_data] (0x0100): tty:
[sssd[be[INET.ACTIVARSAS.COM]]] [pam_print_data] (0x0100): ruser: cvargasc
[sssd[be[INET.ACTIVARSAS.COM]]] [pam_print_data] (0x0100): rhost:
[sssd[be[INET.ACTIVARSAS.COM]]] [pam_print_data] (0x0100): authtok type: 0
[sssd[be[INET.ACTIVARSAS.COM]]] [pam_print_data] (0x0100): newauthtok type: 0
[sssd[be[INET.ACTIVARSAS.COM]]] [pam_print_data] (0x0100): priv: 0
[sssd[be[INET.ACTIVARSAS.COM]]] [pam_print_data] (0x0100): cli_pid: 2431
[sssd[be[INET.ACTIVARSAS.COM]]] [pam_print_data] (0x0100): logon name: not set
[sssd[be[INET.ACTIVARSAS.COM]]] [sdap_access_send] (0x0400): Performing access check for
user [cvargasc]
[sssd[be[INET.ACTIVARSAS.COM]]] [sdap_account_expired_ad] (0x0400): Performing AD access
check for user [cvargasc]
[sssd[be[INET.ACTIVARSAS.COM]]] [ad_gpo_access_send] (0x0400): using default right
[sssd[be[INET.ACTIVARSAS.COM]]] [ad_gpo_access_send] (0x0400): service polkit-1 maps to
Denied
[sssd[be[INET.ACTIVARSAS.COM]]] [ad_gpo_access_done] (0x0040): GPO-based access control
failed.
[sssd[be[INET.ACTIVARSAS.COM]]] [be_pam_handler_callback] (0x0100): Backend returned: (0,
6, <NULL>) [Success]
[sssd[be[INET.ACTIVARSAS.COM]]] [be_pam_handler_callback] (0x0100): Sending result
[6][INET.ACTIVARSAS.COM]
[sssd[be[INET.ACTIVARSAS.COM]]] [be_pam_handler_callback] (0x0100): Sent result
[6][INET.ACTIVARSAS.COM]
Do we want to change it separate patch?
LS
The unity one seemed pretty generic, but I am not sure "polkit-1" is right for
upstream (since it sounds rather like an Ubuntu-ism". What do we call it in Fedora?
I guess as long as it isn't in conflict, we could merge it in here, though.