[Freeipa-devel] [SSSD] Proposed changes to the HBAC grammar
Simo Sorce
ssorce at redhat.com
Thu Nov 18 14:08:08 UTC 2010
On Thu, 18 Nov 2010 08:37:32 -0500
Dmitri Pal <dpal at redhat.com> wrote:
> Simo Sorce wrote:
> > On Thu, 18 Nov 2010 07:21:04 -0500
> > Stephen Gallagher <sgallagh at redhat.com> wrote:
> >
> >
> >> Doing the forward septets is easy (1*x..7*x), but the reverse
> >> septets are more complicated (since they would be (y-1*x..y-7*x),
> >> where y is the total number of days in the month (which also has
> >> to account for leap years).
> >>
> >> I think it might be a nice enhancement, but I recommend that we not
> >> include it right now, given the tight release schedule for FreeIPA
> >> v2.
> >
> > As I said before it is a now or never condition.
> > If you do not put it in now, then when you put it in, old clients
> > will not understand the rule. And they will have only one option,
> > always deny access, because they have no way to understand when it
> > is ok to allow/deny it.
> >
> > Simo.
> >
> >
> What about just using the cron spec then with the addition of the
> duration? And completely abandon our grammar for the periodic part (I
> know it is a lot of work and start over again but if we have one shot
> wouldn't it be best to use something existing?)
> Will that work?
The Cron grammar is very ugly and can't do many of the things we need
anyway.
The problems we have with the current grammar are minor, and can be
easily solved.
We have done 98% of the work, I wouldn't throw it all away just becaue
we need to fix the remaining 2%
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-devel
mailing list