[Freeipa-devel] Time-based account policies
Alexander Bokovoy
abokovoy at redhat.com
Tue Mar 10 16:24:10 UTC 2015
On Tue, 10 Mar 2015, John Dennis wrote:
>On 03/10/2015 12:13 PM, Alexander Bokovoy wrote:
>> HBAC rule is a tuple (user|group, host|hostgroup, service|servicegroup).
>> This tuple would get extension representing time/date information in a
>> multivalued attribute that would describe all time/date intervals
>> applicable to this rule.
>
>I must be misunderstanding something. Recurrence rules yield an
>unbounded number of "allow" intervals. Certainly you do not want to
>enumerate and store all the intervals, instead you want to evaluate the
>rule locally and obtain a simple yes/no answer, don't you?
Yes. We are not contradicting each other as there is nothing in my
response quoted above that implies that description of these time/date
intervals is explicit rather than functional.
We really need to define the format of such description but it doesn't
need to be iCal as it is.
--
/ Alexander Bokovoy
More information about the Freeipa-devel
mailing list