[Freeipa-devel] Time-based account policies
Martin Kosek
mkosek at redhat.com
Thu Mar 26 15:47:06 UTC 2015
On 03/26/2015 04:39 PM, Simo Sorce wrote:
> On Thu, 2015-03-26 at 16:35 +0100, Martin Kosek wrote:
>> On 03/26/2015 04:26 PM, Jan Cholasta wrote:
>
> [...]
>>> I don't see any point in storing time zone in the host object, if it's not used
>>> for anything meaningful and has to be manually synchronized with the host's
>>> actual configured time zone.
>>
>> It would be mostly used for aiding the HBAC rule creation process, i.e. for the
>> UX. It would be optional. If you do not fill it, you would have to always
>> select the right time zone in when setting the UTC HBAC time,
>>
>> If you fill the zone, UI could already select the right time zone for you.
>
>
> It will only help to do mistakes, how does the host object get to know
> what is the host's timezone ? And in any case you generally create HBAC
> rules using groups of hosts, what is the UI gonna do ? Crawl all the
> hosts in a group and then ? Average add the most common time zone ?
Search hosts, gather all time zones and list them as choices or simply warn
that there are more time zones and Local Time based rule is preferred? :-)
> Drop it please :)
If there is no one interested in it, we can drop it. Such UX improvement can
also be added later, if there is a need.
>
>> Host's Local Time and UTC time are 2 different approaches how to set the time
>> for the HBAC rule. With Local Time type, you would of course not have to deal
>> with time zones. I thought this was already cleared out.
>
> Sorry you confuse me, in which case do you need UTC ?
> In case you want to set an absolute time that doesn't change with DST ?
I am confused as well. Wasn't it you who expressed the need to have 2 different
approaches for HBAC time rules - Local Time and fixed UTC time?
Reference:
http://www.redhat.com/archives/freeipa-devel/2015-March/msg00158.html
More information about the Freeipa-devel
mailing list