Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow ipaapi user to access SSSD's info pipe #2515

Closed
wants to merge 1 commit into from
Closed

Allow ipaapi user to access SSSD's info pipe #2515

wants to merge 1 commit into from

Conversation

tiran
Copy link
Member

@tiran tiran commented Nov 6, 2018

For smart card authentication, ipaapi must be able to access to sss-ifp.
During installation and upgrade, the ipaapi user is now added to
[ifp]allowed_uids.

The commit also fixes two related issues:

  • The server upgrade code now enables ifp service in sssd.conf. The
    existing code modified sssd.conf but never wrote the changes to disk.
  • sssd_enable_service() no longer fails after it has detected an
    unrecognized service.

Fixes: https://pagure.io/freeipa/issue/7751
Signed-off-by: Christian Heimes cheimes@redhat.com

@tiran tiran added needs review Pull Request is waiting for a review ipa-4-7 ipa-4-6 Mark for backport to ipa 4.6 labels Nov 6, 2018
@tiran tiran force-pushed the issue7751_ifp_ipauser branch 5 times, most recently from 157ca16 to 30a21f3 Compare November 6, 2018 15:05
@tiran
Allow ipaapi user to access SSSD's info pipe
11367e1 
For smart card authentication, ipaapi must be able to access to sss-ifp.
During installation and upgrade, the ipaapi user is now added to
[ifp]allowed_uids.

The commit also fixes two related issues:

* The server upgrade code now enables ifp service in sssd.conf. The
  existing code modified sssd.conf but never wrote the changes to disk.
* sssd_enable_service() no longer fails after it has detected an
  unrecognized service.

Fixes: https://pagure.io/freeipa/issue/7751
Signed-off-by: Christian Heimes <cheimes@redhat.com>
@tiran tiran added the prioritized Pull Request has higher priority for PR-CI label Nov 7, 2018
@rcritten rcritten added ack Pull Request approved, can be merged and removed needs review Pull Request is waiting for a review labels Nov 7, 2018
@tiran tiran added the pushed Pull Request has already been pushed label Nov 7, 2018
@tiran
Copy link
Member Author

tiran commented Nov 7, 2018

master:

  • 8b0f359 Allow ipaapi user to access SSSD's info pipe

@tiran tiran closed this Nov 7, 2018
This was referenced Nov 7, 2018
Closed
Closed
@tiran tiran deleted the issue7751_ifp_ipauser branch November 8, 2018 07:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rcritten rcritten rcritten left review comments

Assignees
No one assigned
Labels
ack Pull Request approved, can be merged ipa-4-6 Mark for backport to ipa 4.6 prioritized Pull Request has higher priority for PR-CI pushed Pull Request has already been pushed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@tiran @rcritten