On Tue, 16 Jun 2015, Henry Hofmann wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

I understand this is for application which is using Kerberos.
No, it is not only for that.

I have some web applications like "redmine" and "owncloud" which have a
own user management. They needs to be configure to LDAP to grant
authorizations without Kerberos. And not all of them used apache or
tomcat as application server.
For OwnCloud use
https://apps.owncloud.com/content/show.php/Unix+user+backend?content=148406
and read a backstory in https://github.com/owncloud/core/issues/10130

For redmine use http://www.redmine.org/plugins/redmine_pam_auth. You
don't need to include the user which runs redmine into shadow group with
FreeIPA because user accounts are never in /etc/shadow for FreeIPA so
you don't need that access.

Both these methods rely on PAM authentication which is powered by SSSD.

--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to