Learn more about these different git repos.
Other Git URLs
Some hardened and confined infrastructure environments require not only secure authentication and authorization, but also audit by capturing the activity on the target terminal (input, output, what is on the screen).
There is open source project tlog that can provide this functionality.
There should be a way to configure whether the tlog shell should be started for a user based on a configuration switch. The configuration should be designed carefully because eventually we may want to control session recording policy centrally from FreeIPA based on HBAC-like or HBAC rules, i.e. based on the users/groups and hosts/hostgroups.
Provided that tlog is a shell, can we simply use the overrides/idviews to set the user shell?
Fields changed
cc: => spbnick
Replying to [comment:1 jhrozek]:
I am not sure we can because the shell in idview is the actual shell that user wants to use when he logs in. Tlog is a wrapper shell that should start the real shell the user actually wants.
So should we itroduce new option init_shell or wrapper_shell ?
Yes, something along those lines.
What is the time this feature should be done? Which upstream milestone?
For the time being moving to 1.14 Alpha and assigning to Nikolai. The feature should be self-contained, so we can move it to another milestone if needed.
cc: spbnick => milestone: NEEDS_TRIAGE => SSSD 1.14 alpha owner: somebody => spbnick
rhbz: => todo
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1311081
rhbz: todo => [https://bugzilla.redhat.com/show_bug.cgi?id=1311081 1311081]
Nick, is there still some sssd work needed?
milestone: SSSD 1.14 alpha => SSSD 1.14.0
We agreed no work on the tlog integration in sssd needs to be done in this version.
milestone: SSSD 1.14.0 => SSSD 1.16 beta
Replying to [comment:11 jhrozek]:
16? Not 15? Is it a placeholder or it is definitively moved a version after next?
Replying to [comment:12 dpal]:
Replying to [comment:11 jhrozek]: We agreed no work on the tlog integration in sssd needs to be done in this version. 16? Not 15? Is it a placeholder or it is definitively moved a version after next?
We renamed 16 to 15 because we would like to have a very-quick turnaround release (15) to be able to include some features in Fedora-25 which has the 'features testable' deadline quite soon: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org/thread/XU3CSTXXJQNW4LGNOQZKNRBWQBPSXOVZ/
I don't really have an issue with moving the RFE back to 15 if everything is ready in time, but the Fedora deadline is in about a month, so it really depends on how fast the tlog integration progresses.
Metadata Update from @mkosek: - Issue assigned to spbnick - Issue set to the milestone: SSSD Future releases (no date set yet)
PR: https://github.com/SSSD/sssd/pull/136
Metadata Update from @jhrozek: - Custom field design_review reset (from 0) - Custom field mark reset (from 0) - Custom field patch reset (from 0) - Custom field review reset (from 0) - Custom field sensitive reset (from 0) - Custom field testsupdated reset (from 0) - Issue close_status updated to: None - Issue tagged with: PR
Metadata Update from @jhrozek: - Custom field design_review reset (from false) - Custom field mark reset (from false) - Custom field patch reset (from false) - Custom field review reset (from false) - Custom field sensitive reset (from false) - Custom field testsupdated reset (from false) - Issue close_status updated to: Fixed - Issue set to the milestone: SSSD 1.15.4 (was: SSSD Future releases (no date set yet)) - Issue status updated to: Closed (was: Open)
Metadata Update from @jhrozek: - Custom field design_review reset (from false) - Custom field mark reset (from false) - Custom field patch reset (from false) - Custom field review reset (from false) - Custom field sensitive reset (from false) - Custom field testsupdated reset (from false) - Issue set to the milestone: SSSD 1.16.0 (was: SSSD 1.15.4)
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/3934
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.