[Freeipa-devel] URI in HBAC - design page
Jan Pazdziora
jpazdziora at redhat.com
Thu Mar 24 12:31:50 UTC 2016
On Wed, Mar 23, 2016 at 06:39:45PM +0100, Petr Vobornik wrote:
> On 03/23/2016 04:41 PM, Lukáš Hellebrandt wrote:
> >I created a design page for the feature:
> >
> >http://www.freeipa.org/page/URI-based-HBAC-design
>
> 1. The design page doesn't mention if mod_authnz_pam will be extended or
> some new 'pam_sss' Apache module will be created. Or is it actually
> mod_hbacauthz_pam as said in 'how to test'?
If PAM is used and pam_sss is extended to accept the URL in PAM
environment for pam_acct_mgmt, I'd expect patch would be proposed
against mod_authnz_pam.
If that turns out not to be a viable option, using SSSD's D-Bus
interface might the way to go, in which case it would likely be new
module, something like mod_authz_sssd.
--
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat
More information about the Freeipa-devel
mailing list