On 02/11/17 11:57, Alexander Bokovoy wrote:
> On la, 11 helmi 2017, Michael Ströder wrote:
>> (Personally I'd avoid going through PAM.)
> Any specific reason for not using pam_sss? Remember, with SSSD involved
> you get also authentication for trusted users from Active Directory
> realms. You don't get that with generic LDAP way. Also, you'd be more
> efficient in terms of utilising LDAP connections.
I would prefer if the users are not allowed to login into a
shell on the Jenkins server. Surely this restriction can be
implemented with pam as well.
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project