From 4526858adb58736066a0b2cf2dc793ddfe671b2b Mon Sep 17 00:00:00 2001 From: ikerexxe Date: Tue, 4 Aug 2020 15:39:51 +0200 Subject: [PATCH] config: allow prompting options in configuration False warnings were logged after enabling prompting options in configuration file. This change modifies the configuration rules to allow prompting options. Resolves: https://github.com/SSSD/sssd/issues/5259 Reviewed-by: Sumit Bose --- src/config/cfg_rules.ini | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini index 2874ea048..2d4e7b51d 100644 --- a/src/config/cfg_rules.ini +++ b/src/config/cfg_rules.ini @@ -14,6 +14,10 @@ section = session_recording section_re = ^secrets/users/[0-9]\+$ section_re = ^secrets/secrets$ section_re = ^secrets/kcm$ +section_re = ^prompting/password$ +section_re = ^prompting/password/[^/\@]\+$ +section_re = ^prompting/2fa$ +section_re = ^prompting/2fa/[^/\@]\+$ section_re = ^domain/[^/\@]\+$ section_re = ^domain/[^/\@]\+/[^/\@]\+$ section_re = ^application/[^/\@]\+$ @@ -332,6 +336,36 @@ option = scope option = users option = groups +# Prompting during authentication +[rule/allowed_prompting_password_options] +validator = ini_allowed_options +section_re = ^prompting/password$ + +option = password_prompt + +[rule/allowed_prompting_2fa_options] +validator = ini_allowed_options +section_re = ^prompting/2fa$ + +option = single_prompt +option = first_prompt +option = second_prompt + +[rule/allowed_prompting_password_subsec_options] +validator = ini_allowed_options +section_re = ^prompting/password/[^/\@]\+$ + +option = password_prompt + +[rule/allowed_prompting_2fa_subsec_options] +validator = ini_allowed_options +section_re = ^prompting/2fa/[^/\@]\+$ + +option = single_prompt +option = first_prompt +option = second_prompt + + [rule/allowed_domain_options] validator = ini_allowed_options section_re = ^\(domain\|application\)/[^/]\+$ -- 2.21.3