[Freeipa-devel] Time-based account policies
Simo Sorce
ssorce at redhat.com
Thu Mar 26 15:42:09 UTC 2015
On Thu, 2015-03-26 at 16:39 +0100, Martin Kosek wrote:
> On 03/26/2015 04:30 PM, Simo Sorce wrote:
> > On Thu, 2015-03-26 at 16:26 +0100, Jan Cholasta wrote:
> >>>> I think the timezone still may be with the host object but only as
> >> the UI
> >>>> helper as you suggest. Although I would maybe rather not see it
> >> with the object
> >>>> at all and have the admin just set the right timezone for the HBAC
> >> rule
> >>>> themselves. After all, if there's a collision of host helper
> >> timezones, I think
> >>>> admin would have to do that anyway.
> >>
> >> I don't see any point in storing time zone in the host object, if
> >> it's
> >> not used for anything meaningful and has to be manually synchronized
> >> with the host's actual configured time zone.
> >
> > +1
> > The host *knows* it's local time zone, let's not set us up for sync
> > issues.
> >
> >>>
> >>> Right. But UI could then offer:
> >>>
> >>> Warning, time zone is ambiguous. Please select the right time zone:
> >>> HostA time zone: Europe/Prague [ ]
> >>> HostB time zone: Europe/London [ ]
> >>
> >> No, thanks. The whole point of "Local Time" is being able to use
> >> whatever time zone is configured on each host instead of having to
> >> specify one time zone for all of them, which is exactly what the above
> >> does.
> >
> > +1
> > "Local Time" is a special name the stray out of the Olson database, you
> > can see it as the wildcard '*' or 'ALL' in other rules and it means that
> > the host will use its local time zone with the specified times of day
> > and days of the week
>
> See http://www.redhat.com/archives/freeipa-devel/2015-March/msg00447.html.
>
> I agree with you both if we are talking about Local Time rules. I was mostly
> talking about UTC rules where the time zone is required to set the right UTC time.
Sorry, but if I understand what you are suggesting then I do not agree.
Either you use UTC based timezones *or* you use an Olson time zone. You
do *not* try to convert something like Europe/Prague to UTC as you would
change the meaning of the rule.
Simo.
More information about the Freeipa-devel
mailing list