[Freeipa-users] Is sssd currently useable with freeipa v2 ?
Stephen Gallagher
sgallagh at redhat.com
Mon May 3 19:11:42 UTC 2010
On 05/03/2010 02:55 PM, Rob Crittenden wrote:
> Oliver Burtchen wrote:
>> What are the exact service-names to use in --service? I know basically
>> they are the ones like in /etc/services, or what pam uses. But I
>> noticed that both ssh and sshd are applicable for ssh. Is there
>> somewhere a list or do they provide it by their selfs, and I can only
>> make a good guess and try.
>
> To be honest, I'm not sure myself. I'm guessing that sssd has a
> mechanism for determining this. I've filed
> https://bugzilla.redhat.com/show_bug.cgi?id=588412 to track this question.
I'm going to let Sumit comment on the Bugzilla ticket, since he'd know
better, but I'm 99% certain that we get this directly from PAM (as in,
the application itself provides that data when making a PAM request).
Looking at a recent auth I performed on my system, I see the raw PAM
data that comes in from (for example) 'su -l' is reported to us as
"service: su-l".
My assumption is that SSSD's HBAC simply treats that as canonical.
--
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
More information about the Freeipa-users
mailing list