SSSD is changing its default policy to not take source host into account when checking HBAC rules. HBAC test plugin in FreeIPA needs to handle this case as well.
Making source host for HBAC test optional will constitute an API change. This API change is not going to be a problem for UI as there is no Web UI for HBAC test yet, but for the command line client, though all it means is that the client will always pass the source host (even empty, via --srchost=*) and server needs to be prepared to accept empty string source host as opposed to source host option missing (optional).
I'll put it into December.
master: 0e037f2[[BR]] ipa-2-2: 3dc5be6
Metadata Update from @abbra: - Issue assigned to ohamada - Issue set to the milestone: FreeIPA 2.2 Core Effort - 2012/01
Login to comment on this ticket.