On 11/10/2011 12:06 PM, Endi Sukma Dewata wrote: > On 11/9/2011 4:32 PM, Dmitri Pal wrote: >> Since "from" host is unreliable, one of the latest decisions in SSSD was >> to ignore "from" host part of the rule by default (causes a lot of >> performance issues too) and have a config parameter to explicitly not >> ignore it. I think the UI should reflect in some way that "From" should >> not be generally used and not an "equal" citizen of the HBAC rule. We >> probably should update the existing UI too to discourage people from >> using it and also document it in man pages for HBAC and in the docs. > > In HBAC test we can add a note saying the source host is optional. In > HBAC rule the default source host category is 'all', which has the > same effect. Should we display a warning when the category is changed?
Probably. Some reasonable indication should be used. > > The CLI will be changed to accept empty source host: > https://fedorahosted.org/freeipa/ticket/2085 > -- Thank you, Dmitri Pal Sr. Engineering Manager IPA project, Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ _______________________________________________ Freeipa-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-devel
