On Fri, 2016-08-26 at 11:37 -0400, Simo Sorce wrote:
> Ie we could set both "allow" and "allow_with_time" on an object for
> cases where the admin wants to enforce the time part only o newer
> client
> but otherwise apply the rule to any client.

I notice that SSSD does not like it if there are multiple values on this
attribute, but we could change this easily in older clients when we
update them. worst case the rule will not apply and admins have to
create 2 rules, one with allow and one with allow_with_time.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to