Hi, I didnt really mean point sssd at something else besides IPA, but where any other "package" can do what sssd and HBAC can achieve....
In a way I'm looking to justify why we buy IPA as opposed to connecting directly to AD or using something like Likewise. regards ________________________________________ From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on behalf of Stephen Gallagher [sgall...@redhat.com] Sent: Friday, 24 June 2011 9:32 a.m. To: freeipa-users@redhat.com Subject: Re: [Freeipa-users] sssd v "other" methods On Thu, 2011-06-23 at 21:17 +0000, Steven Jones wrote: > Hi, > > looking at sssd enforcing the HBAC, is it possible to [easily] or even > possible to achieve the same thing with say openlap or 389? Right now, the SSSD is making certain assumptions that the server providing the HBAC rules is an IPA server. However, I know that JR Aquino wrote a pam_python module a while ago that works (without offline capabilities) with the current HBAC approach. Things will get a little more complex when the HBAC rules are extended to support time ranges, though. But there's no firm timeline on that yet. _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
