[Freeipa-users] FreeIPA for Linux desktop deployment
Stephen Gallagher
sgallagh at redhat.com
Wed May 11 12:42:31 UTC 2011
On Tue, 2011-05-10 at 23:42 +0200, Sigbjorn Lie wrote:
> Hi,
>
> I would like to see the ipa client scripts and possibly the admin tools
> in a nice Solaris package. This would make my job a lot easier as we
> have a lot of customers running Solaris. :)
>
> For the server part I agree with you, keep it at RHEL.
>
> SSSD @ Solaris / HP-UX / AIX ... well there isn't much (if any) of the
> UNIX vendors selling their iron as client machines anymore. And I don't
> see a considerable benefit in adding SSSD to servers, who will be well
> connected to the network anyway.
Actually, SSSD is still valuable on server systems (and is used very
often in datacenters). The reason is that it can allow a server to ride
out an outage in the LDAP and/or Kerberos server and still handle
authentication and identity requests from its cache.
We've expressed interest several times in working WITH other platforms
to help them port the SSSD, but we've received no real commitment to
assisting with it. We have a lot on our plates already, so it is
difficult for us to justify spending time improving our competitors'
offerings :)
Also, SSSD has additional features with FreeIPA integration that
nss_ldap and pam_krb5 do not. Specifically, it has support for managing
access-control using FreeIPA's host-based access control model. This is
a very valuable piece of the puzzle and should not be ignored.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20110511/b6f0fa64/attachment.sig>
More information about the Freeipa-users
mailing list