On la, 11 helmi 2017, Harald Dunkel wrote:
On 02/11/17 11:57, Alexander Bokovoy wrote:
On la, 11 helmi 2017, Michael Ströder wrote:

(Personally I'd avoid going through PAM.)
Any specific reason for not using pam_sss? Remember, with SSSD involved
you get also authentication for trusted users from Active Directory
realms. You don't get that with generic LDAP way. Also, you'd be more
efficient in terms of utilising LDAP connections.

I would prefer if the users are not allowed to login into a
shell on the Jenkins server. Surely this restriction can be
implemented with pam as well.
Yes, you can use HBAC rules to prevent them from access to the host.

/ Alexander Bokovoy

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to