[Freeipa-devel] [PATCH] Check for valid ID ranges and ID overlaps between domains
Stephen Gallagher
sgallagh at redhat.com
Tue May 5 12:44:09 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Jakub Hrozek wrote:
> attached.
>
> Also if get_monitor_config returns != EOK in update_monitor_config,
> aborts the rest of update_monitor_config..I guess that if the config is
> wrong, we just want to carry on with the 'last known good config'.
>
> Jakub
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
I disagree completely with that assertion. If the config is wrong, we do
not want to silently continue with the old config. If the administrator
was updating the configuration to fix a security hole, update UID ranges
or otherwise prevent access to certain individuals or ranges, then we
cannot fall back to using the old config. Loudly failing is the only
safe play here.
- --
Stephen Gallagher
RHCE 804006346421761
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkoANJUACgkQeiVVYja6o6MHwQCfRz8E81Z6H/EzJgSTmmEBqjCf
2SMAn2J16B+qR7sBn6mM1moJlj3UYVmZ
=D2a9
-----END PGP SIGNATURE-----
More information about the Freeipa-devel
mailing list