73 lines
2.0 KiB
Diff
73 lines
2.0 KiB
Diff
From 4526858adb58736066a0b2cf2dc793ddfe671b2b Mon Sep 17 00:00:00 2001
|
|
From: ikerexxe <ipedrosa@redhat.com>
|
|
Date: Tue, 4 Aug 2020 15:39:51 +0200
|
|
Subject: [PATCH] config: allow prompting options in configuration
|
|
|
|
False warnings were logged after enabling prompting options in
|
|
configuration file. This change modifies the configuration rules to
|
|
allow prompting options.
|
|
|
|
Resolves:
|
|
https://github.com/SSSD/sssd/issues/5259
|
|
|
|
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
---
|
|
src/config/cfg_rules.ini | 34 ++++++++++++++++++++++++++++++++++
|
|
1 file changed, 34 insertions(+)
|
|
|
|
diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini
|
|
index 2874ea048..2d4e7b51d 100644
|
|
--- a/src/config/cfg_rules.ini
|
|
+++ b/src/config/cfg_rules.ini
|
|
@@ -14,6 +14,10 @@ section = session_recording
|
|
section_re = ^secrets/users/[0-9]\+$
|
|
section_re = ^secrets/secrets$
|
|
section_re = ^secrets/kcm$
|
|
+section_re = ^prompting/password$
|
|
+section_re = ^prompting/password/[^/\@]\+$
|
|
+section_re = ^prompting/2fa$
|
|
+section_re = ^prompting/2fa/[^/\@]\+$
|
|
section_re = ^domain/[^/\@]\+$
|
|
section_re = ^domain/[^/\@]\+/[^/\@]\+$
|
|
section_re = ^application/[^/\@]\+$
|
|
@@ -332,6 +336,36 @@ option = scope
|
|
option = users
|
|
option = groups
|
|
|
|
+# Prompting during authentication
|
|
+[rule/allowed_prompting_password_options]
|
|
+validator = ini_allowed_options
|
|
+section_re = ^prompting/password$
|
|
+
|
|
+option = password_prompt
|
|
+
|
|
+[rule/allowed_prompting_2fa_options]
|
|
+validator = ini_allowed_options
|
|
+section_re = ^prompting/2fa$
|
|
+
|
|
+option = single_prompt
|
|
+option = first_prompt
|
|
+option = second_prompt
|
|
+
|
|
+[rule/allowed_prompting_password_subsec_options]
|
|
+validator = ini_allowed_options
|
|
+section_re = ^prompting/password/[^/\@]\+$
|
|
+
|
|
+option = password_prompt
|
|
+
|
|
+[rule/allowed_prompting_2fa_subsec_options]
|
|
+validator = ini_allowed_options
|
|
+section_re = ^prompting/2fa/[^/\@]\+$
|
|
+
|
|
+option = single_prompt
|
|
+option = first_prompt
|
|
+option = second_prompt
|
|
+
|
|
+
|
|
[rule/allowed_domain_options]
|
|
validator = ini_allowed_options
|
|
section_re = ^\(domain\|application\)/[^/]\+$
|
|
--
|
|
2.21.3
|
|
|