Issue #3165: [RFE] Allow to handle users from trusted domains in HBAC, sudo and netgroup natively - freeipa

freeipa

#3165 [RFE] Allow to handle users from trusted domains in HBAC, sudo and netgroup natively

Opened 11 years ago by simo. Modified 7 years ago

Currenty FreeIPA supports adding 'external members' to special groups in order to map external users coming from trust relationships to freeipa groups. This is used primarily to build the MS-PAC for filesystem access purposes.
We should make sure we can use the same method for HBAC, sudo and eventually netgroup objects in order to better integrate authorization of users from trusted realms.

orion commented 7 years ago

This would be greatly appreciated. It is quite the pain to create the external and local groups for each user in order to reference them in HBAC rules.

Metadata Update from @simo:
- Issue assigned to someone
- Issue set to the milestone: Ticket Backlog

7 years ago

Metadata

Assignee

someone

Tags

None

Blocking

None

Depending on

None

Priority

normal

Milestone

Ticket Backlog

None

affects_doc

None

source

None

knownissue

None

type

enhancement

blockedby

None

test_case

None

component

IPA

blocking

None

on_review

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

rhbz

todo

tester

None

changelog

None

design

None

freeipa

Source Code

#3165 [RFE] Allow to handle users from trusted domains in HBAC, sudo and netgroup natively Opened 11 years ago by simo. Modified 7 years ago

Close issue as:

Metadata

#3165 [RFE] Allow to handle users from trusted domains in HBAC, sudo and netgroup natively

Opened 11 years ago by simo. Modified 7 years ago