[Freeipa-users] FreeIPA for Linux desktop deployment
JR Aquino
JR.Aquino at citrix.com
Wed May 11 19:29:21 UTC 2011
On May 11, 2011, at 12:25 PM, JR Aquino wrote:
>>
>> These are all workarounds, I assume having the functionality available trough the native sssd
>> would be of an advantage. But this way you would the mentioned extra functionality of SSSD without
>> having to do the work of supporting your competitors operating systems. :)
>
> There have been _some_ discussions surrounding a pam module that could be used as a very base level of hbac support since there are a lot of pre-required dependancies for sssd.
>
> The advantage would be theoretical portability, and the loss would be caching.
>
> I have personally written such a pam plugin prototype in python, and it functions just fine in linux installations. the c code that calls the python script is not compatible with open_pam,
> so there is still work to be done to support the BSD / MAC solutions, but I believe its just a matter of some syntax changes...
After closer inspection it appears that OpenPam appears to try to remain compatible with Solaris, so, a method for providing a non caching bare bones openpam compatible module would likely satisfy Solaris, MacOSX and the BSDs.
More information about the Freeipa-users
mailing list