On Fri, Jul 23, 2010 at 10:49:41AM +0200, Christian Horn wrote: > On Thu, Jul 22, 2010 at 03:30:23PM -0400, Scott Duckworth wrote: > > > > There are almost 120,000 users in our directory, and we currently have ~200 > > Linux systems that might use SSSD, soon scaling to >500 systems. I imagine > > that even 500 systems is only a medium-scale installation compared to some > > sites. > > I recentl had a look at rhel6beta which offers sssd and nscd/nslcd. > Had implemented ldap authorization/authentication with sssd when i dis- > covered that netgroups are not available yet. > Mainly used with pam_access and sudo here for authorization. > > Do you mind what you are using instead in your environment? > Or are these users just all authorized to do the same?
Netgroup support is planned for version 1.4.0 (see https://fedorahosted.org/sssd/ticket/358). The most flexible way of access control is to use sssd together with a FreeIPA v2 server (the Alpha4 release was published recently). There are also plan to add sudo support into FreeIPA (see http://www.freeipa.org/page/SUDO_integration_plans for details). You can use the 'simple' access control provider (see man sssd-simple) or use sssd for users and groups and let nslcd fetch netgroups until sssd supports it natively. HTH bye, Sumit > > > Christian > > _______________________________________________ > Freeipa-users mailing list > Freeipafirstname.lastname@example.org > https://www.redhat.com/mailman/listinfo/freeipa-users _______________________________________________ Freeipa-users mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-users