[Freeipa-devel] URI in HBAC - design page
Lukáš Hellebrandt
lhellebr at redhat.com
Tue Mar 29 08:57:51 UTC 2016
On 03/24/2016 01:31 PM, Jan Pazdziora wrote:
> On Wed, Mar 23, 2016 at 06:39:45PM +0100, Petr Vobornik wrote:
>> On 03/23/2016 04:41 PM, Lukáš Hellebrandt wrote:
>>> I created a design page for the feature:
>>>
>>> http://www.freeipa.org/page/URI-based-HBAC-design
>>
>> 1. The design page doesn't mention if mod_authnz_pam will be extended or
>> some new 'pam_sss' Apache module will be created. Or is it actually
>> mod_hbacauthz_pam as said in 'how to test'?
>
> If PAM is used and pam_sss is extended to accept the URL in PAM
> environment for pam_acct_mgmt, I'd expect patch would be proposed
> against mod_authnz_pam.
>
> If that turns out not to be a viable option, using SSSD's D-Bus
> interface might the way to go, in which case it would likely be new
> module, something like mod_authz_sssd.
>
I have created my own Apache module serving just for this purpose
(mod_hbacauthz_pam), but extending mod_authnz_pam is a matter of minutes
and I will likely do that, too.
--
Lukas Hellebrandt
Associate Quality Engineer
lhellebr at redhat.com
More information about the Freeipa-devel
mailing list