Alexander Bokovoy wrote:
> On la, 11 helmi 2017, Harald Dunkel wrote:
>> On 02/11/17 11:57, Alexander Bokovoy wrote:
>>> On la, 11 helmi 2017, Michael Ströder wrote:
>>>> (Personally I'd avoid going through PAM.)
>>> Any specific reason for not using pam_sss? Remember, with SSSD involved
>>> you get also authentication for trusted users from Active Directory
>>> realms. You don't get that with generic LDAP way. Also, you'd be more
>>> efficient in terms of utilising LDAP connections.
>> I would prefer if the users are not allowed to login into a
>> shell on the Jenkins server. Surely this restriction can be
>> implemented with pam as well.
> Yes, you can use HBAC rules to prevent them from access to the host.

But this introduces a hard dependency on host system administration which I 
always try to avoid.

As said: Your mileage may vary.

Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Manage your subscription for the Freeipa-users mailing list:
Go to for more info on the project

Reply via email to