I'm wondering if anyone has used FreeIPA with Debian clients, and if so, what 
client software you opted to use?
Right now I have nss-pam-ldapd (http://arthurdejong.org/nss-pam-ldapd/) and the 
MIT-based krb software that's included in Debian 6 working decently. By that I 
mean I can use it to allow logins as expected, but so far I haven't worked out 
allowing or disallowing login based on group membership.

Obviously the best solution would be a "real" IPA client, but has anyone 
attempted this? I mucked around a bit with the SSSD included in the Debian 
repos(1.2.1) but didn't get it to work. Though in all fairness I didn't try 
THAT hard since it seems like SSSD has evolved quite a bit since 1.2.1.
Is the SSSD route worthwhile?

I really just need group based logins, sudo controls I can handle based on 
groups with Puppet, but again, if the real client route isn't too much work 
that's of course preferable.

I hope this makes sense, late friday and I have a horrible headache, so if it 
doesn't I apologize in advance. :)

Freeipa-users mailing list

Reply via email to