On Thu, Jul 05, 2012 at 09:12:16AM -0400, Simo Sorce wrote:
On Thu, 2012-07-05 at 14:06 +0200, Sumit Bose wrote:
>
>
> Hi,
>
> this patch added the checks requested in ticket #1382 to the PAC
> responder. The check itself can be found in the commom responder code.
> It can be used by all responder, but currently only the PAC responder
> uses it.
>
> I took a quite strict default here, i.e. only root is allowed to
> access
> the PAC responder by default. Is this too restrictive?
>
Patch looks good, but I wonder why you do not allow specifying user
names, a getpwnam() is not too expensive.
yes, but I think this way is more robust because I expect that someone
will have some system accounts served by sssd, see e.g.
https://fedorahosted.org/sssd/ticket/1357 . But if you prefer I can add
a loop with getpwnam() at startup time.
bye,
Sumit
Simo.
--
Simo Sorce * Red Hat, Inc * New York
_______________________________________________
sssd-devel mailing list
sssd-devel(a)lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/sssd-devel