[Freeipa-devel] Time-based account policies
Martin Kosek
mkosek at redhat.com
Thu Mar 26 15:49:27 UTC 2015
On 03/26/2015 04:42 PM, Simo Sorce wrote:
> On Thu, 2015-03-26 at 16:39 +0100, Martin Kosek wrote:
>> On 03/26/2015 04:30 PM, Simo Sorce wrote:
>>> On Thu, 2015-03-26 at 16:26 +0100, Jan Cholasta wrote:
>>>>>> I think the timezone still may be with the host object but only as
>>>> the UI
>>>>>> helper as you suggest. Although I would maybe rather not see it
>>>> with the object
>>>>>> at all and have the admin just set the right timezone for the HBAC
>>>> rule
>>>>>> themselves. After all, if there's a collision of host helper
>>>> timezones, I think
>>>>>> admin would have to do that anyway.
>>>>
>>>> I don't see any point in storing time zone in the host object, if
>>>> it's
>>>> not used for anything meaningful and has to be manually synchronized
>>>> with the host's actual configured time zone.
>>>
>>> +1
>>> The host *knows* it's local time zone, let's not set us up for sync
>>> issues.
>>>
>>>>>
>>>>> Right. But UI could then offer:
>>>>>
>>>>> Warning, time zone is ambiguous. Please select the right time zone:
>>>>> HostA time zone: Europe/Prague [ ]
>>>>> HostB time zone: Europe/London [ ]
>>>>
>>>> No, thanks. The whole point of "Local Time" is being able to use
>>>> whatever time zone is configured on each host instead of having to
>>>> specify one time zone for all of them, which is exactly what the above
>>>> does.
>>>
>>> +1
>>> "Local Time" is a special name the stray out of the Olson database, you
>>> can see it as the wildcard '*' or 'ALL' in other rules and it means that
>>> the host will use its local time zone with the specified times of day
>>> and days of the week
>>
>> See http://www.redhat.com/archives/freeipa-devel/2015-March/msg00447.html.
>>
>> I agree with you both if we are talking about Local Time rules. I was mostly
>> talking about UTC rules where the time zone is required to set the right UTC time.
>
> Sorry, but if I understand what you are suggesting then I do not agree.
> Either you use UTC based timezones *or* you use an Olson time zone. You
> do *not* try to convert something like Europe/Prague to UTC as you would
> change the meaning of the rule.
Ah, I think where the confusion is coming from. When I said UTC, I rather meant
time + Olson TZ, i.e. time rule that is the same across globe, unlike the Local
Time. Sorry.
I think this guy
(http://www.redhat.com/archives/freeipa-devel/2015-March/msg00158.html)
injected the "UTC" as an alias for this method :-)
More information about the Freeipa-devel
mailing list