#3302 KCM: Offer configurable session-scoped access control to credentials

Created 7 months ago by jhrozek
Modified a month ago

In addition to UID-based system-wide access control we could also do per-session (as set up and reported by logind). This would be non-default, configurable (configurable per-user or system-wide? tbd)

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.15.3

7 months ago

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 1.15.3

6 months ago

Metadata Update from @jhrozek:
- Custom field design_review reset
- Custom field mark reset
- Custom field patch reset
- Custom field review reset
- Custom field sensitive reset
- Custom field testsupdated reset
- Issue close_status updated to: None
- Issue set to the milestone: SSSD 1.15.4 (was: SSSD 1.15.3)

Note: there needs to be a way for NFS to get a credential cache. So KCM would need a syntax to say "give me a credential for some session for this user." Presumably the one with the most lifetime left.

a month ago

Metadata Update from @jhrozek:
- Custom field design_review reset (from false)
- Custom field mark reset (from false)
- Custom field patch reset (from false)
- Custom field review reset (from false)
- Custom field sensitive reset (from false)
- Custom field testsupdated reset (from false)
- Issue tagged with: cleanup-one-sixteen

a month ago

Metadata Update from @jhrozek:
- Custom field design_review reset (from false)
- Custom field mark reset (from false)
- Custom field patch reset (from false)
- Custom field review reset (from false)
- Custom field sensitive reset (from false)
- Custom field testsupdated reset (from false)
- Issue untagged with: cleanup-one-sixteen
- Issue set to the milestone: SSSD 1.16.0 (was: SSSD 1.15.4)

Login to comment on this ticket.

enhancement

SSSD

1.15.0

false

false

false

false

false

false

cancel