[Freeipa-devel] Time-based account policies
Martin Kosek
mkosek at redhat.com
Thu Mar 26 15:39:10 UTC 2015
On 03/26/2015 04:30 PM, Simo Sorce wrote:
> On Thu, 2015-03-26 at 16:26 +0100, Jan Cholasta wrote:
>>>> I think the timezone still may be with the host object but only as
>> the UI
>>>> helper as you suggest. Although I would maybe rather not see it
>> with the object
>>>> at all and have the admin just set the right timezone for the HBAC
>> rule
>>>> themselves. After all, if there's a collision of host helper
>> timezones, I think
>>>> admin would have to do that anyway.
>>
>> I don't see any point in storing time zone in the host object, if
>> it's
>> not used for anything meaningful and has to be manually synchronized
>> with the host's actual configured time zone.
>
> +1
> The host *knows* it's local time zone, let's not set us up for sync
> issues.
>
>>>
>>> Right. But UI could then offer:
>>>
>>> Warning, time zone is ambiguous. Please select the right time zone:
>>> HostA time zone: Europe/Prague [ ]
>>> HostB time zone: Europe/London [ ]
>>
>> No, thanks. The whole point of "Local Time" is being able to use
>> whatever time zone is configured on each host instead of having to
>> specify one time zone for all of them, which is exactly what the above
>> does.
>
> +1
> "Local Time" is a special name the stray out of the Olson database, you
> can see it as the wildcard '*' or 'ALL' in other rules and it means that
> the host will use its local time zone with the specified times of day
> and days of the week
See http://www.redhat.com/archives/freeipa-devel/2015-March/msg00447.html.
I agree with you both if we are talking about Local Time rules. I was mostly
talking about UTC rules where the time zone is required to set the right UTC time.
More information about the Freeipa-devel
mailing list