[Freeipa-devel] [SSSD] Proposed changes to the HBAC grammar
Jakub Hrozek
jhrozek at redhat.com
Thu Nov 18 15:23:38 UTC 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 11/18/2010 02:24 PM, Simo Sorce wrote:
> On Thu, 18 Nov 2010 07:21:04 -0500
> Stephen Gallagher <sgallagh at redhat.com> wrote:
>
>> Doing the forward septets is easy (1*x..7*x), but the reverse septets
>> are more complicated (since they would be (y-1*x..y-7*x), where y is
>> the total number of days in the month (which also has to account for
>> leap years).
>>
>> I think it might be a nice enhancement, but I recommend that we not
>> include it right now, given the tight release schedule for FreeIPA v2.
>
> As I said before it is a now or never condition.
> If you do not put it in now, then when you put it in, old clients will
> not understand the rule. And they will have only one option, always
> deny access, because they have no way to understand when it is ok to
> allow/deny it.
>
> Simo.
>
In that case, should we have some version identifier, too? In case we
identify some flaw later on and need to change the format once again.
Jakub
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkzlRPkACgkQHsardTLnvCVfqgCeK1eNnHgf3mKoZthvQE6B6Ji0
js8Anj0NvU+AH8PDsRgV59+Sm2gNdaqh
=3A8g
-----END PGP SIGNATURE-----
More information about the Freeipa-devel
mailing list