[Freeipa-devel] OTP Sync Client Design

Jakub Hrozek jhrozek at redhat.com
Thu May 15 14:57:01 UTC 2014


On Wed, May 14, 2014 at 05:23:34PM -0400, Nathaniel McCallum wrote:
> > IMO SSSD should probably have a way to sync the token.
> > From usability point of view it should be a part of the standard stock 
> > client software, not a part of the IPA client or ipa tools.
> > It should probably have good UI integration too if a token is used to
> > log in to a laptop.
> 
> SSSD has direct access to LDAP right? If so, it can just do a bind with
> the added control. That is actually the easiest way.  Trying to access
> via a third API is probably actually more difficult.

Yes, SSSD uses the machine's account (the keytab), so whatever info you
can read using the machine credentials is available to the SSSD.



