We blindly used the user's domain for everything. That wrong in case the user comes from a subdomain. We should use the IPA domain for accessing the SELinux rules and host data and the user domain only for the user.
On 03/05/2014 09:58 PM, Jakub Hrozek wrote:
We blindly used the user's domain for everything. That wrong in case the user comes from a subdomain. We should use the IPA domain for accessing the SELinux rules and host data and the user domain only for the user.
The code looks good. I need to leave the office soon, so I will do the testing tomorrow.
Michal
On Thu, Mar 06, 2014 at 05:27:22PM +0100, Michal Židek wrote:
On 03/05/2014 09:58 PM, Jakub Hrozek wrote:
We blindly used the user's domain for everything. That wrong in case the user comes from a subdomain. We should use the IPA domain for accessing the SELinux rules and host data and the user domain only for the user.
The code looks good. I need to leave the office soon, so I will do the testing tomorrow.
Michal
Bump, this patch is expected by downstream in a couple of days. I'll be glad for any review comments, but because I won't be available tomorrow, chances are I won't have the time to respin the patch until Tuesday if nacked.
On 03/09/2014 11:00 PM, Jakub Hrozek wrote:
On Thu, Mar 06, 2014 at 05:27:22PM +0100, Michal Židek wrote:
On 03/05/2014 09:58 PM, Jakub Hrozek wrote:
We blindly used the user's domain for everything. That wrong in case the user comes from a subdomain. We should use the IPA domain for accessing the SELinux rules and host data and the user domain only for the user.
The code looks good. I need to leave the office soon, so I will do the testing tomorrow.
Michal
Bump, this patch is expected by downstream in a couple of days. I'll be glad for any review comments, but because I won't be available tomorrow, chances are I won't have the time to respin the patch until Tuesday if nacked.
Ack.
On Tue, Mar 11, 2014 at 05:34:07PM +0100, Pavel Březina wrote:
On 03/09/2014 11:00 PM, Jakub Hrozek wrote:
On Thu, Mar 06, 2014 at 05:27:22PM +0100, Michal Židek wrote:
On 03/05/2014 09:58 PM, Jakub Hrozek wrote:
We blindly used the user's domain for everything. That wrong in case the user comes from a subdomain. We should use the IPA domain for accessing the SELinux rules and host data and the user domain only for the user.
The code looks good. I need to leave the office soon, so I will do the testing tomorrow.
Michal
Bump, this patch is expected by downstream in a couple of days. I'll be glad for any review comments, but because I won't be available tomorrow, chances are I won't have the time to respin the patch until Tuesday if nacked.
Ack.
Thank you for the review, pushed to master and sssd-1-11
sssd-devel@lists.fedorahosted.org
-
Jakub Hrozek -
Michal Židek -
Pavel Březina