[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#6487) Nssov pam_authz authorizedUserService

I like what this offers administrators but I have a comment about how you 
handle "wildcards". They aren't wild at all, but "magic strings" with only 
one possible meaning: all users/services with the single magic character 
"*". If you have a defined user naming convention like i_whatever for 
interns and c_whatever for contractors, it would be useful to be able to 
either include or exclude such users from using certain services.

My patch at http://www.openldap.org/its/index.cgi?findid=6495 does this for 
userhost and userservices attributes, and includes negation. Would you be 
interested in working with me to expand this to support real wildcards? 
Also I suggest you make this two patches, as the patch submission 
guidelines clearly state that one patch for 1 feature, and the meaty parts 
of this are obfuscated by increasing the buffer sizes which should probably 
be in a separate patch.

Regards, Kean