On 03/23/2016 04:41 PM, Lukáš Hellebrandt wrote:
I created a design page for the feature:

http://www.freeipa.org/page/URI-based-HBAC-design



1. The design page doesn't mention if mod_authnz_pam will be extended or some new 'pam_sss' Apache module will be created. Or is it actually mod_hbacauthz_pam as said in 'how to test'?

2. "in some location in Apache" is vague

3. If it is a conceptual design than OK but in final following needs to be specified:
- which LDAP object class is extended with what attribute
- which IPA object is extended with what param
- what API methods are affected
- how will CLI options look

4. what regular expression dialect will be used?

--
Petr Vobornik

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to