On Sat, May 19, 2012 at 03:11:44PM -0700, David Copperfield wrote:
>    Hi Jakub and Rich,
>    Got it.
>    Thanks a lot on the HBAC and sudoes maps access. I think I got confused
>    with the graph in the powerpoint
> presentation http://www.redhat.com/summit/2011/presentations/summit/whats_next/friday/pal_crittenden_f_1100_ipa_overview_rev3.pdf.
>    The graph 'Under the hood' claimed that user/group/netgroup/HBAC will go
>    through sssd, while other maps (sudo, autofs?)  would goes through
>    nss_ldap.

There's no hard rule, we've historically developed support for the most
important name-service-switch libc maps such as groups and passwd, then
gradually added support for other maps like netgroups depending on demand
for them.

In some special cases, we even add application-specific responders such
as the ones for sudo and autofs in 1.8. These communicate with the app
using their own protocol via a unix pipe, not through the name service
switch maps (even though both sudo and autofs are configured in the
nsswitch.conf file).

Freeipa-users mailing list

Reply via email to