
Re: (ITS#6487) Nssov pam_authz authorizedUserService



I like what this offers administrators but I have a comment about how you 
handle "wildcards". They aren't wild at all, but "magic strings" with only 
one possible meaning: all users/services with the single magic character 
"*". If you have a defined user naming convention like i_whatever for 
interns and c_whatever for contractors, it would be useful to be able to 
either include or exclude such users from using certain services.

My patch at http://www.openldap.org/its/index.cgi?findid=6495 does this for 
userhost and userservices attributes, and includes negation. Would you be 
interested in working with me to expand this to support real wildcards? 
Also, I suggest you make this two patches, as the patch submission 
guidelines clearly state one patch per feature, and the meaty parts 
of this are obfuscated by increasing the buffer sizes, which should probably 
be in a separate patch.

Regards, Kean