[Freeipa-devel] Time-based account policies
John Dennis
jdennis at redhat.com
Tue Mar 10 16:18:59 UTC 2015
On 03/10/2015 12:13 PM, Alexander Bokovoy wrote:
> HBAC rule is a tuple (user|group, host|hostgroup, service|servicegroup).
> This tuple would get extension representing time/date information in a
> multivalued attribute that would describe all time/date intervals
> applicable to this rule.
I must be misunderstanding something. Recurrence rules yield an
unbounded number of "allow" intervals. Certainly you do not want to
enumerate and store all the intervals, instead you want to evaluate the
rule locally and obtain a simple yes/no answer, don't you?
--
John
More information about the Freeipa-devel
mailing list