[Freeipa-devel] [PATCH] 854 Add ftp HBAC services
Alexander Bokovoy
abokovoy at redhat.com
Thu Aug 25 11:39:46 UTC 2011
On 25.08.2011 14:36, Rob Crittenden wrote:
> Alexander Bokovoy wrote:
>> On 25.08.2011 00:35, Rob Crittenden wrote:
>>> Add a few more ftp HBAC services. This adds vsftpd, proftpd, pure-ftpd
>>> and gssftp. An HBAC service equates to a pam service and since there is
>>> no Linux ftp daemon that uses ftp as its service name it wasn't very
>>> useful.
>>>
>>> I added a ftp HBAC service group to tie them all together.
>> ACK
>>
>> What about other services? There are 'sudo', 'sudo-i', 'su', 'su-l',
>> 'runuser', 'runuser-l' in Fedora which represent 'sudo' and 'su', and
>> 'runuser' and dash-variants are used when launched with appropriate
>> options.
>>
>> For gdm there are gdm{,-autologin,-fingerprint,-password} which are
>> different PAM services to use with different GDM options.
>>
>> I think is is worth to create HBAC service groups for them as well but
>> this is clearly distribution-dependent behaviour.
>
> We have some of these sudo services already, but not all of them. I'm
> certainly open to adding more services and service groups by default.
> Can you open a ticket with your suggestions?
I'll make a task ticket for 3.0 Core effort.
--
/ Alexander Bokovoy
More information about the Freeipa-devel
mailing list