On Thu, 2011-06-23 at 21:17 +0000, Steven Jones wrote: > Hi, > > looking at sssd enforcing the HBAC, is it possible to [easily] or even > possible to achieve the same thing with say openlap or 389?
Right now, the SSSD is making certain assumptions that the server providing the HBAC rules is an IPA server. However, I know that JR Aquino wrote a pam_python module a while ago that works (without offline capabilities) with the current HBAC approach. Things will get a little more complex when the HBAC rules are extended to support time ranges, though. But there's no firm timeline on that yet.
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users