On 11/9/2011 4:32 PM, Dmitri Pal wrote:
Since "from" host is unreliable, one of the latest decisions in SSSD was to ignore "from" host part of the rule by default (causes a lot of performance issues too) and have a config parameter to explicitly not ignore it. I think the UI should reflect in some way that "From" should not be generally used and not an "equal" citizen of the HBAC rule. We probably should update the existing UI too to discourage people from using it and also document it in man pages for HBAC and in the docs.
In HBAC test we can add a note saying the source host is optional. In HBAC rule the default source host category is 'all', which has the same effect. Should we display a warning when the category is changed?
The CLI will be changed to accept empty source host: https://fedorahosted.org/freeipa/ticket/2085 -- Endi S. Dewata _______________________________________________ Freeipa-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-devel
