Currently hbacrule and selinuxusermap allows special characters in the names. Also there is no limit on the number of characters allowed in the name.
# ipa hbacrule-add abcdefghijkilmop# ipa hbacrule-add ?@*$ ---------------------- Added HBAC rule "?@*$" ---------------------- Rule name: ?@*$ Enabled: TRUE # ipa hbacrule-add abcdefghijkilmopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijkilmopqrstuvwxyzabcdefghijkilmopqrstu123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789 ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ Added HBAC rule "abcdefghijkilmopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijkilmopqrstuvwxyzabcdefghijkilmopqrstu123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789" ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ Rule name: abcdefghijkilmopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijkilmopqrstuvwxyzabcdefghijkilmopqrstu123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789 Enabled: TRUE # ipa selinuxusermap-add --selinuxuser=guest_u:s0 ?@*$ ----------------------------- Added SELinux User Map "?@*$" ----------------------------- Rule name: ?@*$ SELinux User: guest_u:s0 Enabled: TRUE # ipa selinuxusermap-add --selinuxuser=guest_u:s0 abcdefghijkilmopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijkilmopqrstuvwxyzabcdefghijkilmopqrstuvwxyzabcdefghijkilmopqrstuvwxyz123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789 ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Added SELinux User Map "abcdefghijkilmopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijkilmopqrstuvwxyzabcdefghijkilmopqrstuvwxyzabcdefghijkilmopqrstuvwxyz123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789" ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Rule name: abcdefghijkilmopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijkilmopqrstuvwxyzabcdefghijkilmopqrstuvwxyzabcdefghijkilmopqrstuvwxyz123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789 SELinux User: guest_u:s0 Enabled: TRUE
When this issue is fixed, please provide information on number of characters allowed and a list of special characters that are not allowed in hbacrule and selinuxusermap.
The question is: what do names like this hurt? Is something not working or does the length/character set just seem strange?
Metadata Update from @aakkiang: - Issue assigned to someone - Issue set to the milestone: Ticket Backlog
Thank you taking time to submit this request for FreeIPA. Unfortunately this bug was not given priority and the team lacks the capacity to work on it at this time.
Given that we are unable to fulfil this request I am closing the issue as wontfix. To request re-consideration of this decision please reopen this issue and provide additional technical details about its importance to you.
Metadata Update from @rcritten: - Issue close_status updated to: wontfix - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.