On Fri, Jul 23, 2010 at 10:49:41AM +0200, Christian Horn wrote:
> On Thu, Jul 22, 2010 at 03:30:23PM -0400, Scott Duckworth wrote:
> > There are almost 120,000 users in our directory, and we currently have ~200
> > Linux systems that might use SSSD, soon scaling to >500 systems. I imagine
> > that even 500 systems is only a medium-scale installation compared to some
> > sites.
> I recentl had a look at rhel6beta which offers sssd and nscd/nslcd.
> Had implemented ldap authorization/authentication with sssd when i dis-
> covered that netgroups are not available yet.
> Mainly used with pam_access and sudo here for authorization.
> Do you mind what you are using instead in your environment?
> Or are these users just all authorized to do the same?
Netgroup support is planned for version 1.4.0 (see
The most flexible way of access control is to use sssd together with a
FreeIPA v2 server (the Alpha4 release was published recently). There are
also plan to add sudo support into FreeIPA (see
http://www.freeipa.org/page/SUDO_integration_plans for details).
You can use the 'simple' access control provider (see man sssd-simple)
or use sssd for users and groups and let nslcd fetch netgroups until
sssd supports it natively.
> Freeipa-users mailing list
Freeipa-users mailing list