On 06/23/2011 06:08 PM, Steven Jones wrote:
> I didnt really mean point sssd at something else besides IPA, but where any
> other "package" can do what sssd and HBAC can achieve....
> In a way I'm looking to justify why we buy IPA as opposed to connecting
> directly to AD or using something like Likewise.
I do not get the question.
If you considering Likewise it will extend the AD access controls to the
It is up to you to compare all the technical and non technical benefits
of either approach.
Unfortunately we can't help you with any white papers containing
comparisons of the alternatives or pricing for IPA at the moment.
But we will be very interested to hear your opinion why it is worth or
not worth to use IPA + SSSD vs AD + Likewise.
> From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on
> behalf of Stephen Gallagher [sgall...@redhat.com]
> Sent: Friday, 24 June 2011 9:32 a.m.
> To: email@example.com
> Subject: Re: [Freeipa-users] sssd v "other" methods
> On Thu, 2011-06-23 at 21:17 +0000, Steven Jones wrote:
>> looking at sssd enforcing the HBAC, is it possible to [easily] or even
>> possible to achieve the same thing with say openlap or 389?
> Right now, the SSSD is making certain assumptions that the server
> providing the HBAC rules is an IPA server. However, I know that JR
> Aquino wrote a pam_python module a while ago that works (without offline
> capabilities) with the current HBAC approach.
> Things will get a little more complex when the HBAC rules are extended
> to support time ranges, though. But there's no firm timeline on that
> Freeipa-users mailing list
Sr. Engineering Manager IPA project,
Red Hat Inc.
Looking to carve out IT costs?
Freeipa-users mailing list