Currently the web UI only offers 'MS-PAC' and 'PAD' as authorization data in the 'Pac type' section. An option to set the value to 'NONE' is missing.
It is important to have 'NONE' here as well, otherwise it is not possible to override a default, which is used if the attribute is empty, in a way that no authorization data is added to a Kerberos ticket.
It should be taken care that if 'NONE' is selected any other selection is automatically dropped.
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=910450
The usability of the radio-checkbox hybrid should be review. Current discussion: http://www.redhat.com/archives/freeipa-devel/2013-February/msg00130.html
We need to improve the design.
Summary of the proposed design: - Functionality should be equal to partially mutual exclusive checkboxes. - Radios should ensure the exclusivity - Inherited option basically means no checkbox checked
PAC: ( ) Inherited ( ) None (o) Type: [x] MS-PAC [ ] PAD
Problem: It cat get into not desired state:
PAC: ( ) Inherited ( ) None (o) Type: [ ] MS-PAC [ ] PAD
It basically means the same as Inherited because Type has no value, it's just a switch.
Problems with that state: - it's a valid value: "" - forcing to check MS-PAC or PAD doesn't seem right
I think there could be a simple solution here:
Why do we need a "Type" header? They all seem as they are all types under PAC options.
PAC: ( ) Inherited ( ) None (o) MS-PAC ( ) PAD
Replying to [comment:6 kybaker]:
I think there could be a simple solution here: Why do we need a "Type" header? They all seem as they are all types under PAC options. {{{ PAC: ( ) Inherited ( ) None (o) MS-PAC ( ) PAD }}}
{{{ PAC: ( ) Inherited ( ) None (o) MS-PAC ( ) PAD }}}
This would not work since MS-PAC and PAD are not mutually exclusive but rather additive. If you want a simple list then you need also to have a MS-PAC + PAD option
{{{ PAC: ( ) Inherited ( ) None (o) MS-PAC ( ) PAD ( ) MS-PAC + PAD
Replying to [comment:7 dpal]:
Replying to [comment:6 kybaker]: I think there could be a simple solution here: Why do we need a "Type" header? They all seem as they are all types under PAC options. {{{ PAC: ( ) Inherited ( ) None (o) MS-PAC ( ) PAD }}} This would not work since MS-PAC and PAD are not mutually exclusive but rather additive. If you want a simple list then you need also to have a MS-PAC + PAD option {{{ PAC: ( ) Inherited ( ) None (o) MS-PAC ( ) PAD ( ) MS-PAC + PAD }}}
{{{ PAC: ( ) Inherited ( ) None (o) MS-PAC ( ) PAD ( ) MS-PAC + PAD }}}
That makes sense. I think this is clearer than the checkboxes.
Move all uncompleted tickets to next month bucket.
What would be wrong with this?
PAC: ( ) Inherited (o) Type: [ ] MS-PAC [ ] PAD
i.e. None would be given by selecting Type: with none of the options.
Type:
It's not intuitive.
The first simple "hotfix" solution pushed to ipa-3-1 branch only:[[BR]] ipa-3-1: 722b188
Master:
Metadata Update from @sbose: - Issue assigned to pvoborni - Issue set to the milestone: FreeIPA 3.2 - 2013/03
Login to comment on this ticket.