[Freeipa-users] Jenkins integration?
Alexander Bokovoy
abokovoy at redhat.com
Sat Feb 11 13:06:12 UTC 2017
On la, 11 helmi 2017, Harald Dunkel wrote:
>On 02/11/17 11:57, Alexander Bokovoy wrote:
>> On la, 11 helmi 2017, Michael Ströder wrote:
>>>
>>> (Personally I'd avoid going through PAM.)
>> Any specific reason for not using pam_sss? Remember, with SSSD involved
>> you get also authentication for trusted users from Active Directory
>> realms. You don't get that with generic LDAP way. Also, you'd be more
>> efficient in terms of utilising LDAP connections.
>>
>
>I would prefer if the users are not allowed to login into a
>shell on the Jenkins server. Surely this restriction can be
>implemented with pam as well.
Yes, you can use HBAC rules to prevent them from access to the host.
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list