On 05/03/2010 02:55 PM, Rob Crittenden wrote:
Oliver Burtchen wrote:
What are the exact service-names to use in --service? I know basically
they are the ones like in /etc/services, or what pam uses. But I
noticed that both ssh and sshd are applicable for ssh. Is there
somewhere a list or do they provide it by their selfs, and I can only
make a good guess and try.

To be honest, I'm not sure myself. I'm guessing that sssd has a
mechanism for determining this. I've filed
https://bugzilla.redhat.com/show_bug.cgi?id=588412 to track this question.

I'm going to let Sumit comment on the Bugzilla ticket, since he'd know better, but I'm 99% certain that we get this directly from PAM (as in, the application itself provides that data when making a PAM request).

Looking at a recent auth I performed on my system, I see the raw PAM data that comes in from (for example) 'su -l' is reported to us as "service: su-l".

My assumption is that SSSD's HBAC simply treats that as canonical.

Stephen Gallagher
RHCE 804006346421761

Delivering value year after year.
Red Hat ranks #1 in value among software vendors.

Freeipa-users mailing list

Reply via email to