[Freeipa-devel] Visibility of the sensitive LDAP data

JR Aquino JR.Aquino at citrix.com
Wed Jun 8 19:15:22 UTC 2011


On Jun 8, 2011, at 11:30 AM, Simo Sorce wrote:

> On Wed, 2011-06-08 at 14:15 -0400, Dmitri Pal wrote:
>> Hi,
>> 
>> We have been through this some time before and the decision made then
>> still left me uneasy.
>> We said that LDAP is by nature something that is readable by an
>> authenticated user. Other than special password and key related
>> attributes everything else should be readable.
>> 
>> Now we have a bug https://bugzilla.redhat.com/show_bug.cgi?id=711693
>> It seems reasonable to hide the SUDO information from the normal user
>> and not make it widely available. I would argue that the HBAC should
>> fall into the same category.
>> I suspect there is a way to hide this information and if we implemented
>> everything correctly the UI and CLI should not fail and respecting the
>> effective rights will not present the UI or fail the CLI command.
>> So what should we do:
>> 1) Leave as is and not bother at all (i.e. it is what it is)
>> 2) Leave as is and defer the solution till later (do not fix it in 2.1
>> defer to 2.2)
>> 3) Leave as is but document how to do it using permissions & ACIs
>> 4) Provide default ACIs that would hide the records for the broad user
>> population
>> 
>> Looking for an opinion here.
> 
> I am for (2)
> 
> Simo.
> 


I am also for (2)

This logic becomes quite tricky, however, because controlling this via ACIs would have to be cognizant of the authenticated user to be able to make the decision to show them only their /OWN/ authorization/access rights...



