[release-notes] Added an entry for sssd GPO-Based Access Control.

Simon Clark sclark at fedoraproject.org
Mon Oct 27 22:03:38 UTC 2014 

commit ae2a6cc9f72795673239937521b1ed5e0e51ee28
Author: Simon Clark <simon.richard.clark at gmail.com>
Date:   Mon Oct 27 22:02:58 2014 +0000

    Added an entry for sssd GPO-Based Access Control.

 en-US/Security.xml |   35 +++++++++++++++++++++++++++++------
 1 files changed, 29 insertions(+), 6 deletions(-)
---
diff --git a/en-US/Security.xml b/en-US/Security.xml
index b2d8812..7aa05b1 100644
--- a/en-US/Security.xml
+++ b/en-US/Security.xml
@@ -1,13 +1,36 @@
-<?xml version='1.0' encoding='utf-8' ?>
-<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<?xml version='1.0' encoding='utf-8'?>
+<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+    "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"
+[
 <!ENTITY % BOOK_ENTITIES SYSTEM "Release_Notes.ent">
 %BOOK_ENTITIES;
 ]>
-
 <section>
   <title>Security</title>
   <para />
-
+  <section id="sssd-gpo-access-control">
+    <title>sssd GPO-Based Access Control</title>
+    <para>sssd now supports centrally managed, host-based access
+    control in an Active Directory (AD) environment, using Group
+    Policy Objects (GPOs).</para>
+    <para>GPO policy settings are commonly used to manage
+    host-based access control in an AD environment. The two
+    specific GPO policy settings ("Allow Log On Locally" and "Deny
+    Log On Locally") essentially serve as a whitelist and blacklist
+    of domain users and groups and they are consulted to determine
+    whether logon access to a particular domain computer should be
+    granted. When dealing with GPOs, there is typically a
+    management piece (used to specify the policy settings) and a
+    client-side processing piece (used to retrieve and enforce the
+    policy settings). Since the two policy settings of interest
+    already exist in AD, administrators can continue to use
+    existing mechanisms to specify the whitelist and blacklist
+    (e.g. Group Policy Management Console, or GPMC). As such, this
+    change is related only to the retrieval and enforcement of
+    policy settings. This change only affects SSSD's AD provider.
+    It has no effect on any other SSSD providers (e.g. IPA
+    provider).</para>
+    <para>More information about this change can be found at: 
+    <ulink url="https://fedorahosted.org/sssd/wiki/DesignDocs/ActiveDirectoryGPOIntegration" /></para>
+  </section>
 </section>
-
-

More information about the docs-commits mailing list