URL:
https://github.com/SSSD/sssd/pull/136
Title: #136: Tlog integration
spbnick commented:
"""
Hi Pavel, thank you for your review! I'll be addressing your comments soon, but for
now here is how to test this.
The patches add support for a new section in sssd.conf: `session_recording`. The section
can have up to three options: `scope`, `users`, and `groups`. The `scope` option accepts
one of three values: `none`, `all`, and `some`. They mean "no users will be
recorded", "all users will be recorded", and "some (specified) users
and/or groups will be recorded", respectively.
If `scope` is set to `some`, then the `users` option accepts a whitespace-separated list
of users to have session recording enabled, same goes for `groups` option, but only for
groups.
Enabling session recording for a user should result in SSSD reporting user shell as
`/usr/bin/tlog-rec` through NSS, and exporting `TLOG_REC_SHELL` environment variable
during PAM session setup. That variable should contain the actual user shell.
Testing for those should be sufficient, but if you'd like, you can get tlog here:
https://github.com/Scribery/tlog
You can either build and install it yourself, or use an RPM from the latest release:
https://github.com/Scribery/tlog/releases/tag/v3
You can also take a look at the tests in `src/tests/intg/test_session_recording.py` for
configuration examples.
Please let me know if you needed some other information.
"""
See the full comment at
https://github.com/SSSD/sssd/pull/136#issuecomment-297016412