[Freeipa-devel] [DESIGN][UPDATE] Time-Based HBAC Policies
Simo Sorce
simo at redhat.com
Fri Aug 26 15:40:55 UTC 2016
On Fri, 2016-08-26 at 11:37 -0400, Simo Sorce wrote:
> Ie we could set both "allow" and "allow_with_time" on an object for
> cases where the admin wants to enforce the time part only o newer
> client
> but otherwise apply the rule to any client.
I notice that SSSD does not like it if there are multiple values on this
attribute, but we could change this easily in older clients when we
update them. worst case the rule will not apply and admins have to
create 2 rules, one with allow and one with allow_with_time.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-devel
mailing list