[Freeipa-users] Jenkins integration?
Michael Ströder
michael at stroeder.com
Sat Feb 11 13:18:03 UTC 2017
Alexander Bokovoy wrote:
> On la, 11 helmi 2017, Harald Dunkel wrote:
>> On 02/11/17 11:57, Alexander Bokovoy wrote:
>>> On la, 11 helmi 2017, Michael Ströder wrote:
>>>>
>>>> (Personally I'd avoid going through PAM.)
>>> Any specific reason for not using pam_sss? Remember, with SSSD involved
>>> you get also authentication for trusted users from Active Directory
>>> realms. You don't get that with generic LDAP way. Also, you'd be more
>>> efficient in terms of utilising LDAP connections.
>>>
>>
>> I would prefer if the users are not allowed to login into a
>> shell on the Jenkins server. Surely this restriction can be
>> implemented with pam as well.
>
> Yes, you can use HBAC rules to prevent them from access to the host.
But this introduces a hard dependency on host system administration which I personally
always try to avoid.
As said: Your mileage may vary.
Ciao, Michael.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3829 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170211/48669581/attachment.p7s>
More information about the Freeipa-users
mailing list