[Freeipa-users] compat plug-in and replication
JR Aquino
JR.Aquino at citrix.com
Fri Mar 16 19:33:16 UTC 2012
On Mar 16, 2012, at 11:54 AM, Stephen Ingram wrote:
I've seen mention about the compat plug-in causing issues with
replication. In my 2.1.4 installation I notice that the plug-in is
turned on by default. Is compat only required for those supporting NIS
or does it serve another purpose. As I don't use NIS, I'm just
wondering if it's safe to turn off.
To compliment what Rob mentioned...
Compat is also generally necessary for any user who wishes to utilize Sudo with FreeIPA.
Sudo does not natively understand what a 'hostgroup' is, so it can only utilize NIS netgroups for this. Care was taken when designing the FreeIPA hostgroup and nis compatibility system such that any hostgroup that is created has a mirrored (and semi hidden) NIS netgroup created.
This way when you build Sudo rules and reference 'hostgroups', transparently, it is really referencing NIS netgroups stored inside of ldap and provided by the compat / nis plugins.
Hope this helps clear some stuff up about why one would want compat and nis turned on in FreeIPA.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Jr Aquino | Sr. Information Security Specialist
GIAC Certified Incident Handler | GIAC WebApp Penetration Tester
Citrix Online | 7408 Hollister Avenue | Goleta, CA 93117<x-apple-data-detectors://0/0>
T: +1 805.690.3478<tel:+1%C2%A0805.690.3478>
C: +1 805.717.0365<tel:+1%20805.717.0365>
jr.aquino at citrixonline.com<mailto:jr.aquino at citrixonline.com>
http://www.citrixonline.com<http://www.citrixonline.com/>
More information about the Freeipa-users
mailing list