Learn more about these different git repos.
Other Git URLs
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1564088
Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.
1. Proposed title of this feature request ---> Allow changing default behavior of SSSD from an allow-any default to a deny-any default when it can't find any GPOs to apply to a user login. 3. What is the nature and description of the request? ---> need an option to allow changing default behavior of SSSD from an allow-any default to a deny-any default when it can't find any GPOs to apply to a user login. 4. Why does the customer need this? (List the business requirements here) ---> The only available behavior of SSSD in the event of GPO processing errors is to allow any realm logins to occur. Meaning if someone messes up a GPO security setting (or who knows what else) we no longer have any effective access control on our Linux hosts. We should be able to specify a deny-login policy in the event GPO processing errors occur. 5. How would the customer like to achieve this? (List the functional requirements here) ---> Add a config option to sssd.conf called 'ad_gpo_deny_access_on_failure' to ensure if any GPO processing failures are encountered no realm logins are permitted. 6. For each functional requirement listed in question 5, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented. --->
Metadata Update from @jhrozek: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1564088
Metadata Update from @jhrozek: - Issue assigned to mzidek - Issue priority set to: minor - Issue set to the milestone: SSSD 2.0
Metadata Update from @jhrozek: - Issue set to the milestone: SSSD 2.1 (was: SSSD 2.0)
Metadata Update from @jhrozek: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/4715
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.