Hi. I wonder if we should switch over to sssd as the primary authentication (PAM) and directory lookup (NSS) mechanism in Debian Edu Jessie. This would make configuration easier and make it easier to hook up a Debian Edu client to other kind of authentication and directory services, like Active Directory or an non-Debian Edu LDAP server.
At the moment the roaming workstation use sssd (libpam-sss and libnss-sss) for authentication and directory lookup (and libnss-ldapd for the networks database), while the other use libpam-krb5 for authentication and libnss-ldapd for directory lookup. I propose we switch all networked profiles to use the same setup we use in roaming workstations. It is tested and work well, even in non-Debian Edu environments. For example I can install a roaming workstation at the university of Oslo and it will automatically use the Kerberos and LDAP service provided here for authentication and user lookup. :) I expect it to work similarly in other environments too. At the moment, sssd do not seem to handle the network nss database, but I am not sure if that is a problem. The network entries are only used to make the route output nicer, as far as I know, and we can easily drop them. Are there other problems we need to consider before switching? -- Happy hacking Petter Reinholdtsen -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]
