On 03/23/2016 04:41 PM, Lukáš Hellebrandt wrote:
I created a design page for the feature:
http://www.freeipa.org/page/URI-based-HBAC-design
1. The design page doesn't mention if mod_authnz_pam will be extended or
some new 'pam_sss' Apache module will be created. Or is it actually
mod_hbacauthz_pam as said in 'how to test'?
2. "in some location in Apache" is vague
3. If it is a conceptual design than OK but in final following needs to
be specified:
- which LDAP object class is extended with what attribute
- which IPA object is extended with what param
- what API methods are affected
- how will CLI options look
4. what regular expression dialect will be used?
--
Petr Vobornik
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
