> From: Dmitri Pal <d...@redhat.com>
> >> I want also my AD users (from IPA trust) to login inside thru ssh but
> >> afaik this seems to have some older SSSD version and same
> >> options that goes ok with CentOS 6 ipa-client wont work with CentOS
> >> So what should i modify that i can login to my CentOS 5 machine that
> >> to login AD trust users from IPA? Is there newer SSSD daemon
> >> centos 5?
> > No, it is not and it would be quite hard to build it, I think. You'd
> > need pretty recent version of Kerberos to support the PAC responder
> > handles users coming via trusts for instance.
> Yes this is quite a problem with the current solution.
Is there any guides for rhel 5.x/centos 5.x when using IPA and if that
system needs also AD users logins enabled, should we just enable some PAM
and all works if SSSD/IPA is also used?
> But we are looking for some ways to mitigate that.
> Question for you about the older systems:
> What would you prefer: those systems pointing to IPA and IPA having a
> way to serve account and authentication or point them directly to AD?
> Do you require kerberos authentication and SSO from those machines or
> simple LDAP authentication is OK?
> Do you have a requirement for all the authentications to actually happen
> in AD for audit purposes or they can happen in IPA when users come from
> the old clients and in AD with trusts when users access newer clients?
> Thanks for the input!
For me, would be good if all comes from (thru) IPA, but thats not
an requirement for me.
Freeipa-users mailing list