[Freeipa-users] Question about ldap proxy/AD + sudo + HBAC
Alexander Bokovoy
abokovoy at redhat.com
Mon Feb 15 12:09:02 UTC 2016
On Mon, 15 Feb 2016, Birnbaum, Warren (ETW) wrote:
>Alexander,
>
>Thanks for letting me know this. Is it true then that my only option is
>to have the IPA AD trust to achieve AD authentication (proxy style), HBAC
>and sudo?
I'm not sure using 'proxy' term is actually helpful here. IPA does not
work as a proxy authentication when it trusts AD forest. All
authentication happens directly against AD domain controllers, and IPA
is only used to host resources specific to Linux deployments. Given that
HBAC is a feature of IPA, not AD, you cannot have HBAC working in other
configurations.
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list