summaryrefslogtreecommitdiff
path: root/src/config/etc
diff options
context:
space:
mode:
authorStephen Gallagher <sgallagh@redhat.com>2010-12-09 10:14:04 -0500
committerStephen Gallagher <sgallagh@redhat.com>2010-12-13 07:30:24 -0500
commit1b474ef7011f4bf9ce4aac85dbc9827a9486d5eb (patch)
tree6e1e86dfbddffac5a89201f26dd4be9ed92eaab1 /src/config/etc
parent583a018d792c7a28762ecfba74ef1adc48724f22 (diff)
downloadsssd-1b474ef7011f4bf9ce4aac85dbc9827a9486d5eb.tar.gz
sssd-1b474ef7011f4bf9ce4aac85dbc9827a9486d5eb.tar.bz2
sssd-1b474ef7011f4bf9ce4aac85dbc9827a9486d5eb.zip
Add group support to the simple access provider
This patch adds simple_allow_groups and simple_deny_groups options to the simple access provider. It makes it possible to grant or deny access based on a user's group memberships within the domain. This patch makes one minor change to previous functionality: now all deny rules will supersede allow rules. Previously, if both simple_allow_users and simple_deny_users were set with the same value, the allow would win. https://fedorahosted.org/sssd/ticket/440
Diffstat (limited to 'src/config/etc')
-rw-r--r--src/config/etc/sssd.api.d/sssd-simple.conf2
1 files changed, 2 insertions, 0 deletions
diff --git a/src/config/etc/sssd.api.d/sssd-simple.conf b/src/config/etc/sssd.api.d/sssd-simple.conf
index 13fbeb9e..e14ea45d 100644
--- a/src/config/etc/sssd.api.d/sssd-simple.conf
+++ b/src/config/etc/sssd.api.d/sssd-simple.conf
@@ -3,3 +3,5 @@
[provider/simple/access]
simple_allow_users = str, None, false
simple_deny_users = str, None, false
+simple_allow_groups = str, None, false
+simple_deny_groups = str, None, false