On Tue, 2015-01-13 at 18:58 +0100, Pavel Reichl wrote:
Hello,
please see simple patch attached.
Thanks!
Nack.
First, what exactly is this service doing? I don't think we would want to map it to ServiceLogonRight. That's intended for granting access to the machine from a service (as opposed to a human user).
Looking at it, this PAM stack (systemd-user) is called whenever the system invokes starts a session instance of systemd. It seems to me, this really belongs added to the list of default options for ad_gpo_map_permit to always allow access (since this has to be allowed for system functionality to work properly).
Also, please update the manpages to match, since they specifically list all of the default values.
On 01/13/2015 08:39 PM, Stephen Gallagher wrote:
On Tue, 2015-01-13 at 18:58 +0100, Pavel Reichl wrote:
Hello,
please see simple patch attached.
Thanks!
Nack.
First, what exactly is this service doing? I don't think we would want to map it to ServiceLogonRight. That's intended for granting access to the machine from a service (as opposed to a human user).
Looking at it, this PAM stack (systemd-user) is called whenever the system invokes starts a session instance of systemd. It seems to me, this really belongs added to the list of default options for ad_gpo_map_permit to always allow access (since this has to be allowed for system functionality to work properly).
Also, please update the manpages to match, since they specifically list all of the default values.
Thanks for comments, updated patch attached.
On Wed, 2015-01-14 at 13:34 +0100, Pavel Reichl wrote:
On 01/13/2015 08:39 PM, Stephen Gallagher wrote:
On Tue, 2015-01-13 at 18:58 +0100, Pavel Reichl wrote:
Hello,
please see simple patch attached.
Thanks!
Nack.
First, what exactly is this service doing? I don't think we would want to map it to ServiceLogonRight. That's intended for granting access to the machine from a service (as opposed to a human user).
Looking at it, this PAM stack (systemd-user) is called whenever the system invokes starts a session instance of systemd. It seems to me, this really belongs added to the list of default options for ad_gpo_map_permit to always allow access (since this has to be allowed for system functionality to work properly).
Also, please update the manpages to match, since they specifically list all of the default values.
Thanks for comments, updated patch attached.
Ack
On Wed, Jan 14, 2015 at 03:15:08PM -0500, Stephen Gallagher wrote:
On Wed, 2015-01-14 at 13:34 +0100, Pavel Reichl wrote:
On 01/13/2015 08:39 PM, Stephen Gallagher wrote:
On Tue, 2015-01-13 at 18:58 +0100, Pavel Reichl wrote:
Hello,
please see simple patch attached.
Thanks!
Nack.
First, what exactly is this service doing? I don't think we would want to map it to ServiceLogonRight. That's intended for granting access to the machine from a service (as opposed to a human user).
Looking at it, this PAM stack (systemd-user) is called whenever the system invokes starts a session instance of systemd. It seems to me, this really belongs added to the list of default options for ad_gpo_map_permit to always allow access (since this has to be allowed for system functionality to work properly).
Also, please update the manpages to match, since they specifically list all of the default values.
Thanks for comments, updated patch attached.
Ack
* master: b49c6abe12721ee8442be1c1bd6c15443b518ca2 * sssd-1-12: 7a98103f88b80543ace05a655507a61f01a9d1f8
sssd-devel@lists.fedorahosted.org