On May 11, 2011, at 12:25 PM, JR Aquino wrote:
>> These are all workarounds, I assume having the functionality available
>> trough the native sssd
>> would be of an advantage. But this way you would the mentioned extra
>> functionality of SSSD without
>> having to do the work of supporting your competitors operating systems. :)
> There have been _some_ discussions surrounding a pam module that could be
> used as a very base level of hbac support since there are a lot of
> pre-required dependancies for sssd.
> The advantage would be theoretical portability, and the loss would be caching.
> I have personally written such a pam plugin prototype in python, and it
> functions just fine in linux installations. the c code that calls the python
> script is not compatible with open_pam,
> so there is still work to be done to support the BSD / MAC solutions, but I
> believe its just a matter of some syntax changes...
After closer inspection it appears that OpenPam appears to try to remain
compatible with Solaris, so, a method for providing a non caching bare bones
openpam compatible module would likely satisfy Solaris, MacOSX and the BSDs.
Freeipa-users mailing list