SSSD / sssd

Clone

a32f94f GPO: Improve logging of GPO security filtering

1 file Authored by thor 3 years ago, Committed by pbrezina 3 years ago,
raw patch tree parent
1 file changed. 23 lines added. 17 lines removed.
src/providers/ad/ad_gpo.c
file modified
+23 -17 
    GPO: Improve logging of GPO security filtering
    
    GPO security filtering is as critical as the actual logon policy rights
    checking. Administrators should not only be able to figure out, why GPO
    access check granted or denied a user login, but also why a GPO access
    check was not performed due to security filtering.
    
    GPO access check can be logged using debug level Function Data, whereas GPO
    security filtering can only be logged with lowest level tracing.
    
    - Debug the main security filtering activities on level Function Data
    - Debug missing security descriptor as minor failure, because it terminates
      GPO security filtering.
    
    Resolves:
    https://pagure.io/SSSD/sssd/issue/3324
    
    Signed-off-by: REIM THOMAS <reimth@gmail.com>
    
    Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
    Reviewed-by: Sumit Bose <sbose@redhat.com>
file modified
+23 -17
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.