On Чцв, 11 сту 2024, Finn Fysj via FreeIPA-users wrote:
Finn Fysj via FreeIPA-users wrote:
If you have a custom profile then what would checking for 9.3 help? And
note, we don't recommend or support custom profiles. IPA is very
opinionated about the configuration it expects.
I can see how you were confused but it's covered in "FreeIPA 3.3.0 or
newer" where you run yum update [free]ipa-server. We recommend updating
all packages and not just IPA. ipa-server-upgrade runs as part of the
package install process.
rob
1. Checking for 9.3 would know that the system is using authselect.
2. IPA could only check if the custom profile fulfill the requirements, which
is sssd and sudo feature enabled.
I understand that IPA is very opinionated about config specs, but some need to
follow security benchmarks.
You can always help upstream by submitting a PR that implements what you
propose.
Since authselect supports introspection, of some kind, that could
theoretically be used to look at whether base of the profile is
compatible with what we expect.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
--
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
