On May 11, 2011, at 12:25 PM, JR Aquino wrote: >> >> These are all workarounds, I assume having the functionality available >> trough the native sssd >> would be of an advantage. But this way you would the mentioned extra >> functionality of SSSD without >> having to do the work of supporting your competitors operating systems. :) > > There have been _some_ discussions surrounding a pam module that could be > used as a very base level of hbac support since there are a lot of > pre-required dependancies for sssd. > > The advantage would be theoretical portability, and the loss would be caching. > > I have personally written such a pam plugin prototype in python, and it > functions just fine in linux installations. the c code that calls the python > script is not compatible with open_pam, > so there is still work to be done to support the BSD / MAC solutions, but I > believe its just a matter of some syntax changes...
After closer inspection it appears that OpenPam appears to try to remain compatible with Solaris, so, a method for providing a non caching bare bones openpam compatible module would likely satisfy Solaris, MacOSX and the BSDs. _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
