Learn more about these different git repos.
Other Git URLs
Currently, the cached_auth_timeout option allows SSSD to authenticate against cached credentials even in online mode, but this is only possible at a global level. It may be desirable to do this per-service, or per-user.
For example, assume a SVN server is heavily using SSSD for authentication. It would be nice to reduce load on the server by using cached credentials for the SVN service, while still requiring all ssh authentication into the host to always use the server in online mode. This same situation would apply if there is a certain user account that is very frequently used by an application.
A possible solution would be to have whitelist/blacklist options for services and users that control how cached_auth_timeout is used.
I wonder if we can use PAM service string to key this or if we need to use a UID or another identity we can read from getpeercred() or similar..
getpeercred()
Well, we already use the service string for access control, so it's probably OK </thinking-out-loud>
Nathan, I think this makes sense, but how urgent this RFE is? I'm just wondering which milestone to file the ticket to.
Fields changed
summary: Allow cached_auth_timeout to be applied per service and/or user => [RFE] Allow cached_auth_timeout to be applied per service and/or user
This makes sense, but unless the priority is set otherwise, I would say we can wait for the next release, which would roughly map to RHEL-7.4
Nathan, if you disagree and think we need to fix this ticket sooner, please holler.
milestone: NEEDS_TRIAGE => SSSD 1.16 beta
rhbz: => todo
Metadata Update from @nkinder: - Issue set to the milestone: SSSD Future releases (no date set yet)
Metadata Update from @thalman: - Custom field design_review reset (from 0) - Custom field mark reset (from 0) - Custom field patch reset (from 0) - Custom field review reset (from 0) - Custom field sensitive reset (from 0) - Custom field testsupdated reset (from 0) - Issue close_status updated to: None - Issue tagged with: Canditate to close
Thank you for taking time to submit this request for SSSD. Unfortunately this issue was not given priority and the team lacks the capacity to work on it at this time.
Given that we are unable to fulfill this request I am closing the issue as wontfix.
If the issue still persist on recent SSSD you can request re-consideration of this decision by reopening this issue. Please provide additional technical details about its importance to you.
Thank you for understanding.
Metadata Update from @pbrezina: - Issue close_status updated to: wontfix - Issue status updated to: Closed (was: Open)
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/4108
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.