Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

man: Add local_auth_policy table #7294

Conversation

justin-stephenson
Copy link
Contributor

Feedback from other indicates that understanding the new local_auth_policy option can be confusing. Add a table to the man page which explains which local methods are enabled/disabled for each backend. This is applicable for the default "match" value.

<row><entry namest='c1' nameend='c4' align='center'>
local_auth_policy = match (default)</entry></row>
<row><entry></entry><entry>Passkey</entry>
<entry>Smartcard</entry><entry>2FA</entry></row>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi,

why is there a 2FA column? This is not controlled by the local_auth_policy option.

Additionally I think the wording which local authentication methods are currently enabled or disabled for each backend might be misleading. If e.g. AD is not configured for Smartcard authentication then it will not be enabled on the client if match is used.

After reading the existing entry I think an additional sentence to the first paragraph like e.g. "With this option additional methods can be enabled which are evaluated and check locally." would make sense as well.

bye,
Sumit

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi,

why is there a 2FA column? This is not controlled by the local_auth_policy option.

Removed.

Additionally I think the wording which local authentication methods are currently enabled or disabled for each backend might be misleading. If e.g. AD is not configured for Smartcard authentication then it will not be enabled on the client if match is used.

I added, if configured properly, to address this.

After reading the existing entry I think an additional sentence to the first paragraph like e.g. "With this option additional methods can be enabled which are evaluated and check locally." would make sense as well.

Added.

@alexey-tikhonov
Copy link
Member

Is this applicable to sssd-2.9 branch?

@justin-stephenson justin-stephenson force-pushed the local_auth_policy_man_update branch from 7b4205b to a8da705 Compare April 22, 2024 15:30
@justin-stephenson
Copy link
Contributor Author

Is this applicable to sssd-2.9 branch?

Yes, local_auth_policy is evaluated there.

@justin-stephenson
Copy link
Contributor Author

@madhuriupadhye Does this help? You can install the COPR build https://copr.fedorainfracloud.org/coprs/g/sssd/pr7294/ to see the table which is added to man sssd.conf by this PR.

Copy link
Contributor

@madhuriupadhye madhuriupadhye left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

src/man/sssd.conf.5.xml Outdated Show resolved Hide resolved
@justin-stephenson justin-stephenson force-pushed the local_auth_policy_man_update branch from a8da705 to 261d75b Compare May 3, 2024 13:04
@justin-stephenson justin-stephenson force-pushed the local_auth_policy_man_update branch from 261d75b to bfcdfd6 Compare May 3, 2024 13:04
Copy link
Contributor

@sumit-bose sumit-bose left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi,

thanks for the updates, ACK.

bye,
Sumit

@jakub-vavra-cz
Copy link
Contributor

Pushed PR: #7294

  • master
    • b32f596 - man: Add local_auth_policy table
  • sssd-2-9
    • f36ecd2 - man: Add local_auth_policy table

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants