On May 11, 2011, at 12:25 PM, JR Aquino wrote:
>> These are all workarounds, I assume having the functionality available 
>> trough the native sssd
>> would be of an advantage. But this way you would the mentioned extra 
>> functionality of SSSD without
>> having to do the work of supporting your competitors operating systems. :)
> There have been _some_ discussions surrounding a pam module that could be 
> used as a very base level of hbac support since there are a lot of 
> pre-required dependancies for sssd.
> The advantage would be theoretical portability, and the loss would be caching.
> I have personally written such a pam plugin prototype in python, and it 
> functions just fine in linux installations.  the c code that calls the python 
> script is not compatible with open_pam,
> so there is still work to be done to support the BSD / MAC solutions, but I 
> believe its just a matter of some syntax changes...

After closer inspection it appears that OpenPam appears to try to remain 
compatible with Solaris, so, a method for providing a non caching bare bones 
openpam compatible module would likely satisfy Solaris, MacOSX and the BSDs.

Freeipa-users mailing list

Reply via email to