[Freeipa-users] HBAC rule refreshes and read-only slaves

Cam McK tomoyo at cam34.endjunk.com
Fri Jun 8 01:22:59 UTC 2012


Hello

Thanks for an awesome product! I have two questions that I can't seem to
find answers for...

1). How long is the delay between changing a HBAC rule and it coming into
effect on the host machine?
Currently this information only seems to be updated on the host after a
'service sssd reload/restart'. Also, are the HBAC access rules stored
within the LDAP directory?

2). We would also like to use FreeIPA in a trusted network but then have
perhaps a read-only slave sitting in the DMZ with the possibility of not
containing the KDC or LDAP password stores on it. Is this possible?
 (Basically authentication being done by a different PAM module, but
pam_sss.so still allowing HBAC via the PAM 'account' directive.)
Is it possible to have a 'regular' LDAP directory (in the DMZ) just
slurping down the required LDAP info?

Many Thanks
Campbell
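The PAM stack split the second question describes (authentication by a module other than pam_sss.so, with pam_sss.so still consulted in the 'account' phase so HBAC is enforced) looks like the following. This is an added, constructed example and not part of the mailing list post or the FreeIPA project's files; the service name (sshd) and the choice of pam_unix.so as the non-SSSD authentication module are assumptions for illustration.

```conf
# /etc/pam.d/sshd  (constructed example; service and modules are assumptions)
#
# 'auth' is answered by pam_unix.so, so no Kerberos/LDAP password check via
# SSSD happens here.  'account' still calls pam_sss.so, which asks SSSD's
# access provider for the HBAC decision (user x service x host).

auth      required   pam_env.so
auth      sufficient pam_unix.so nullok try_first_pass
auth      required   pam_deny.so

account   required   pam_unix.so
# HBAC enforcement point: a deny from SSSD fails the login even though the
# password was already accepted by pam_unix.so above.
account   [default=bad success=ok user_unknown=ignore] pam_sss.so
account   required   pam_permit.so

password  sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password  required   pam_deny.so

session   required   pam_limits.so
session   required   pam_unix.so
```

For pam_sss.so to evaluate HBAC rules in the account phase, the host's sssd.conf domain section must use `access_provider = ipa`; the login is only as restricted as the weakest 'account' line, so keep pam_permit.so last rather than before pam_sss.so.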