Implemented AD/KRB/SSSD with both RH6 and RH7.
RH7 has no issues, as we are using auto_private_groups, which was added in 1.16.1.
In RH6 (sssd 1.13) the issue is that all users are getting the same groups, and
it is a clear security gap.
The only way to avoid this, based on the KB articles, is to use AD POSIX
attributes. If we don't want to use this setup, is there any other recommended
way?
The example of user/group representation, where all users are getting the same
gid=273200513(domain users):

    id username
    uid=2755191114(ncircle) gid=273200513(domain users) groups=273200513(domain users)