Alexander Bokovoy wrote: > On la, 11 helmi 2017, Harald Dunkel wrote: >> On 02/11/17 11:57, Alexander Bokovoy wrote: >>> On la, 11 helmi 2017, Michael Ströder wrote: >>>> >>>> (Personally I'd avoid going through PAM.) >>> Any specific reason for not using pam_sss? Remember, with SSSD involved >>> you get also authentication for trusted users from Active Directory >>> realms. You don't get that with generic LDAP way. Also, you'd be more >>> efficient in terms of utilising LDAP connections. >>> >> >> I would prefer if the users are not allowed to login into a >> shell on the Jenkins server. Surely this restriction can be >> implemented with pam as well. > > Yes, you can use HBAC rules to prevent them from access to the host.
But this introduces a hard dependency on host system administration which I personally always try to avoid. As said: Your mileage may vary. Ciao, Michael.
smime.p7s
Description: S/MIME Cryptographic Signature
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project