-
Notifications
You must be signed in to change notification settings - Fork 238
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add pam_cert_pam_services option #620
Conversation
Allow customizing which PAM services are allowed to perform smartcard authentication. Fixes: https://pagure.io/SSSD/sssd/issue/3775 Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Can one of the admins verify this patch? |
1 similar comment
Can one of the admins verify this patch? |
ok to test |
@abbra, patch looks good to me. In any case, if it's not urgent I'd also like to have either @jhrozek's or @sumit-bose's eyes on this PR. |
Hi Alexander, thank you for the patch. There is an old patch by @lslebodn which tries to solve the same issue at https://lists.fedoraproject.org/archives/list/sssd-devel@lists.fedorahosted.org/thread/FQWOBQV6FFCBKZS2EXKIJU74473E7R7Y/ I'd like to ask you if you can use the '+service' '-service' scheme as well because imo it would make the configuration easier to write and read and less error-prone. bye, |
@lslebodn created a PR with his old patch at https://pagure.io/SSSD/sssd/pull-request/3799. @abbra, would you agree that the +- style makes the configuration easier or do you see advantages to always specify the full list? |
I think +service style is better. Sorry for slow answers, I'm at the conference this week. |
I'm also fine with @lslebodn patch |
@sumit-bose, shall we go for @lslebodn's patch instead? |
@lslebodn's patch has been merged, thus I'm closing this PR. |
Allow customizing which PAM services are allowed to perform smartcard
authentication.
Fixes: https://pagure.io/SSSD/sssd/issue/3775