On Monday, 16 July 2012 17:45:05, Jakub Hrozek wrote:
On Mon, Jul 16, 2012 at 04:20:23PM +0200, Jan Zelený wrote:
> The functionality is now as follows:
>
> When a rule is being matched, its priority is determined as a combination
> of user and host specificity (host taking preference).
>
> After the rule is matched in the provider, its host priority is stored
> in sysdb for later usage.
>
> When rules are matched in the responder, their user priority is
> determined. After that their host priority is retrieved directly from
> sysdb and the sum of both priorities is used to determine whether to take
> that rule into account or not. If more rules have the same priority, the
> order given in the IPA config is used.
>
> Thanks
> Jan

Nack, I don't like the concept of storing the priority scores in the
sysdb -- the priority scores depend on the user being processed and the
hostname that comes from pam data. I think the scores should be computed
in responder and the provider should only store the data in the sysdb.

Your assumption is not entirely accurate. The host priority depends on
host-related data that are retrieved from the IPA server. Therefore we would
need to store this data in sysdb instead of the priority and do the same
processing twice - once in the provider to know what rules apply to the host
and once in the responder to determine their priority. That's why I think
calculating the priority in the first pass and then utilizing this number
(which doesn't change, by the way) further instead of calculating it again is
far better.
However, if you insist, I won't argue with you and will do the change.
Thanks
Jan