[Freeipa-devel] inactivating yourself
Rob Crittenden
rcritten at redhat.com
Mon Dec 3 15:51:32 UTC 2007
David O'Brien wrote:
> Rob Crittenden wrote:
>> Came across and intriguing problem when working on group inactivation.
>>
>> With group inactivation you pick a group, select inactive and update it.
>> This causes all group members, including recursively all groups, to be
>> marked inactive.
>>
>> So what should we do if the current user happens to be a member of that
>> group (or subgroup)?
>>
>> What currently happens is IPA throws up because once the user is
>> inactivated their credentials are no longer accepted by FDS.
>>
>> So should we:
>>
>> 1. Let things go ahead and blow up (i.e. change nothing)
>> 2. Do not let them deactivate anything they are a part of
>> 3. Do all the deactivation except for their record
>> 4. Something else
>>
>> Ideas?
>>
>> I'm leaning towards #2 myself.
>>
>> rob
>>
>
> did you get an answer to this?
>
No, it's still up in the air.
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20071203/050fda18/attachment.bin>
More information about the Freeipa-devel
mailing list