-
Notifications
You must be signed in to change notification settings - Fork 252
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
man: Add local_auth_policy table #7294
man: Add local_auth_policy table #7294
Conversation
4e0cdfb
to
7b4205b
Compare
src/man/sssd.conf.5.xml
Outdated
<row><entry namest='c1' nameend='c4' align='center'> | ||
local_auth_policy = match (default)</entry></row> | ||
<row><entry></entry><entry>Passkey</entry> | ||
<entry>Smartcard</entry><entry>2FA</entry></row> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi,
why is there a 2FA
column? This is not controlled by the local_auth_policy
option.
Additionally I think the wording which local authentication methods are currently enabled or disabled for each backend
might be misleading. If e.g. AD is not configured for Smartcard authentication then it will not be enabled on the client if match
is used.
After reading the existing entry I think an additional sentence to the first paragraph like e.g. "With this option additional methods can be enabled which are evaluated and check locally." would make sense as well.
bye,
Sumit
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi,
why is there a
2FA
column? This is not controlled by thelocal_auth_policy
option.
Removed.
Additionally I think the wording
which local authentication methods are currently enabled or disabled for each backend
might be misleading. If e.g. AD is not configured for Smartcard authentication then it will not be enabled on the client ifmatch
is used.
I added, if configured properly,
to address this.
After reading the existing entry I think an additional sentence to the first paragraph like e.g. "With this option additional methods can be enabled which are evaluated and check locally." would make sense as well.
Added.
Is this applicable to sssd-2.9 branch? |
7b4205b
to
a8da705
Compare
Yes, |
@madhuriupadhye Does this help? You can install the COPR build https://copr.fedorainfracloud.org/coprs/g/sssd/pr7294/ to see the table which is added to |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
a8da705
to
261d75b
Compare
261d75b
to
bfcdfd6
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi,
thanks for the updates, ACK.
bye,
Sumit
Feedback from other indicates that understanding the new local_auth_policy option can be confusing. Add a table to the man page which explains which local methods are enabled/disabled for each backend. This is applicable for the default "match" value.