[Freeipa-users] sssd v "other" methods
Stephen Gallagher
sgallagh at redhat.com
Thu Jun 23 21:32:01 UTC 2011
On Thu, 2011-06-23 at 21:17 +0000, Steven Jones wrote:
> Hi,
>
> looking at sssd enforcing the HBAC, is it possible to [easily] or even
> possible to achieve the same thing with say openlap or 389?
Right now, the SSSD is making certain assumptions that the server
providing the HBAC rules is an IPA server. However, I know that JR
Aquino wrote a pam_python module a while ago that works (without offline
capabilities) with the current HBAC approach.
Things will get a little more complex when the HBAC rules are extended
to support time ranges, though. But there's no firm timeline on that
yet.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20110623/175e0c67/attachment.sig>
More information about the Freeipa-users
mailing list