#3302 KCM: Offer configurable session-scoped access control to credentials

Created 5 months ago by jhrozek
Modified 6 days ago

In addition to UID-based system-wide access control we could also do per-session (as set up and reported by logind). This would be non-default, configurable (configurable per-user or system-wide? tbd)

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.15.3

5 months ago

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 1.15.3

4 months ago

Metadata Update from @jhrozek:
- Custom field design_review reset
- Custom field mark reset
- Custom field patch reset
- Custom field review reset
- Custom field sensitive reset
- Custom field testsupdated reset
- Issue close_status updated to: None
- Issue set to the milestone: SSSD 1.15.4 (was: SSSD 1.15.3)

Note: there needs to be a way for NFS to get a credential cache. So KCM would need a syntax to say "give me a credential for some session for this user." Presumably the one with the most lifetime left.

Login to comment on this ticket.

enhancement

SSSD

1.15.0

false

false

false

false

false

false

cancel