[Freeipa-users] Jenkins integration?
Alexander Bokovoy
abokovoy at redhat.com
Sat Feb 11 15:11:39 UTC 2017
On la, 11 helmi 2017, Michael Ströder wrote:
>Alexander Bokovoy wrote:
>> On la, 11 helmi 2017, Harald Dunkel wrote:
>>> On 02/11/17 11:57, Alexander Bokovoy wrote:
>>>> On la, 11 helmi 2017, Michael Ströder wrote:
>>>>>
>>>>> (Personally I'd avoid going through PAM.)
>>>> Any specific reason for not using pam_sss? Remember, with SSSD involved
>>>> you get also authentication for trusted users from Active Directory
>>>> realms. You don't get that with generic LDAP way. Also, you'd be more
>>>> efficient in terms of utilising LDAP connections.
>>>>
>>>
>>> I would prefer if the users are not allowed to login into a
>>> shell on the Jenkins server. Surely this restriction can be
>>> implemented with pam as well.
>>
>> Yes, you can use HBAC rules to prevent them from access to the host.
>
>But this introduces a hard dependency on host system administration which I personally
>always try to avoid.
>
>As said: Your mileage may vary.
So we are talking about FreeIPA and a system enrolled to FreeIPA. This
system is already managed in FreeIPA.
Your mileage may vary, indeed, but I'd rather re-use what is available
to you than implement a parallel infrastructure, including reliability
aspects.
Anyway, I think we are distancing away from the original topic.
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list