Thanks for an awesome product! I have two questions that I can't seem to
find answers for...

1). How long is the delay between changing a HBAC rule and it coming into
affect on the host machine?
Currently this information only seems to be updated on the host after an
'service sssd reload/restart' also are the HBAC access rules are stored
within LDAP Directory?

2). We would also like to use FreeIPA in a trusted network but then have
perhaps a read-only slave sitting in DMZ with the possibility of not
containing the KDC or LDAP password stores on it, is this possible?
 (Basically authentication being done by a different PAM module, but
pam_sss.so still allowing HBAC via the PAM 'account' directive.)
Is it possible to have a 'regular' LDAP directory (in the DMZ) just
slurping down the required LDAP info?

Many Thanks
Freeipa-users mailing list

Reply via email to