[release-notes] Added an entry for sssd GPO-Based Access Control.
Simon Clark
sclark at fedoraproject.org
Mon Oct 27 22:03:38 UTC 2014
commit ae2a6cc9f72795673239937521b1ed5e0e51ee28
Author: Simon Clark <simon.richard.clark at gmail.com>
Date: Mon Oct 27 22:02:58 2014 +0000
Added an entry for sssd GPO-Based Access Control.
en-US/Security.xml | 35 +++++++++++++++++++++++++++++------
1 files changed, 29 insertions(+), 6 deletions(-)
---
diff --git a/en-US/Security.xml b/en-US/Security.xml
index b2d8812..7aa05b1 100644
--- a/en-US/Security.xml
+++ b/en-US/Security.xml
@@ -1,13 +1,36 @@
-<?xml version='1.0' encoding='utf-8' ?>
-<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<?xml version='1.0' encoding='utf-8'?>
+<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+ "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"
+[
<!ENTITY % BOOK_ENTITIES SYSTEM "Release_Notes.ent">
%BOOK_ENTITIES;
]>
-
<section>
<title>Security</title>
<para />
-
+ <section id="sssd-gpo-access-control">
+ <title>sssd GPO-Based Access Control</title>
+ <para>sssd now supports centrally managed, host-based access
+ control in an Active Directory (AD) environment, using Group
+ Policy Objects (GPOs).</para>
+ <para>GPO policy settings are commonly used to manage
+ host-based access control in an AD environment. The two
+ specific GPO policy settings ("Allow Log On Locally" and "Deny
+ Log On Locally") essentially serve as a whitelist and blacklist
+ of domain users and groups and they are consulted to determine
+ whether logon access to a particular domain computer should be
+ granted. When dealing with GPOs, there is typically a
+ management piece (used to specify the policy settings) and a
+ client-side processing piece (used to retrieve and enforce the
+ policy settings). Since the two policy settings of interest
+ already exist in AD, administrators can continue to use
+ existing mechanisms to specify the whitelist and blacklist
+ (e.g. Group Policy Management Console, or GPMC). As such, this
+ change is related only to the retrieval and enforcement of
+ policy settings. This change only affects SSSD's AD provider.
+ It has no effect on any other SSSD providers (e.g. IPA
+ provider).</para>
+ <para>More information about this change can be found at:
+ <ulink url="https://fedorahosted.org/sssd/wiki/DesignDocs/ActiveDirectoryGPOIntegration" /></para>
+ </section>
</section>
-
-
More information about the docs-commits
mailing list