[Freeipa-users] Using DHCPD with IPA

Stephen Gallagher sgallagh at redhat.com
Wed Jan 25 12:27:23 UTC 2012


On Tue, 2012-01-24 at 20:11 -0600, ~Stack~ wrote:
> > You can manage to have machines still fetch data from IPA, but they
> > can't be full fledged clients if you can't preserve the keytab and some
> > other configuration.
> 
> As long as I can have a user log into the box and run a process, I don't
> really care if they are a full client or not. These systems are never
> logged into directly, but through a ssh connection so if the users can
> still authenticate into them I might be good on this. How do I configure
> this?

You can set the clients up as pure LDAP+KRB5 clients in SSSD, but the
catch is that you lose the ability to configure them with HBAC rules.
(You need to do more traditional forms of access-control logic in that
case).

Only fully-enrolled clients will honor HBAC rules at this time.
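A sketch of the pure LDAP+KRB5 setup described in the reply above, added here as an illustration and not taken from the original message or from FreeIPA's documentation. The host name, realm, search base, CA path and group name are constructed placeholders, and the `simple` access provider stands in for the "more traditional" access control that replaces HBAC on such a client.

```ini
# /etc/sssd/sssd.conf (must be owned by root, mode 0600)
# All names below (example.com, ipa.example.com, cluster-users) are
# constructed placeholders, not values from the thread.
[sssd]
config_file_version = 2
services = nss, pam
domains = example.com

[domain/example.com]
# Identity: read users and groups from the IPA directory over plain
# LDAP instead of the "ipa" provider, so no enrollment is required.
id_provider = ldap
ldap_uri = ldap://ipa.example.com
ldap_search_base = cn=accounts,dc=example,dc=com
ldap_schema = rfc2307bis
# Assumption: the directory allows anonymous reads of user and group
# entries. If it does not, set ldap_default_bind_dn and
# ldap_default_authtok for a dedicated read-only account.

# Protect the LDAP channel and verify the server certificate.
# Assumption: the IPA CA certificate was copied to this path by hand.
ldap_id_use_start_tls = true
ldap_tls_reqcert = demand
ldap_tls_cacert = /etc/pki/tls/certs/ipa-ca.crt

# Authentication and password changes: Kerberos against the IPA KDC.
auth_provider = krb5
chpass_provider = krb5
krb5_server = ipa.example.com
krb5_realm = EXAMPLE.COM
# TGT validation needs a host keytab, which a client that cannot
# preserve its keytab does not have, so the KDC reply is not verified
# against a host key. Enable this if a keytab can be provisioned.
krb5_validate = false

# Access control: HBAC rules are not evaluated by this client, so
# restrict logins locally. Only members of this group may log in.
access_provider = simple
simple_allow_groups = cluster-users
```

With `access_provider = simple`, any HBAC rule defined on the IPA server has no effect on this host; the allow list has to be maintained in each client's own configuration.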