Learn more about these different git repos.
Other Git URLs
The pac responder interface should have a configuration option that tells it what user ids are allowed to send PAC information, this way we can configure exactly which unprivileged processes can send us information as 'trusted pac providers'.
Also we should set a Selinux context on the pac responder socket so that we can further confine access via MAC.
owner: somebody => sbose
milestone: NEEDS_TRIAGE => SSSD 1.9.0 beta 4
rhbz: => 0
echo 123456789 | nc -U /var/lib/sss/pipes/pac || echo failed
with different user. For users with a UID in the allowed_uids nothing is returned otherwise 'failed'
patch: 0 => 1
resolution: => fixed
status: new => closed
Metadata Update from @simo:
- Issue assigned to sbose
- Issue set to the milestone: SSSD 1.9.0 beta 4
to comment on this ticket.