[Freeipa-users] Is sssd currently useable with freeipa v2 ?
Dmitri Pal
dpal at redhat.com
Mon May 3 19:17:35 UTC 2010
Stephen Gallagher wrote:
> On 05/03/2010 02:55 PM, Rob Crittenden wrote:
>> Oliver Burtchen wrote:
>>> What are the exact service-names to use in --service? I know basically
>>> they are the ones like in /etc/services, or what pam uses. But I
>>> noticed that both ssh and sshd are applicable for ssh. Is there
>>> somewhere a list or do they provide it by their selfs, and I can only
>>> make a good guess and try.
>>
>> To be honest, I'm not sure myself. I'm guessing that sssd has a
>> mechanism for determining this. I've filed
>> https://bugzilla.redhat.com/show_bug.cgi?id=588412 to track this
>> question.
>
>
> I'm going to let Sumit comment on the Bugzilla ticket, since he'd know
> better, but I'm 99% certain that we get this directly from PAM (as in,
> the application itself provides that data when making a PAM request).
>
> Looking at a recent auth I performed on my system, I see the raw PAM
> data that comes in from (for example) 'su -l' is reported to us as
> "service: su-l".
>
> My assumption is that SSSD's HBAC simply treats that as canonical.
>
Thanks for reminding me. It now rings the bell. The service name is what
application provides when uses pam calls. There is no full enumeration.
It is whatever is used by an application.
Having a good list would be nice though, at least identifying the
applications that we already know use specific service names.
--
Thank you,
Dmitri Pal
Engineering Manager IPA project,
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
More information about the Freeipa-users
mailing list