Re: [Freeipa-users] Question about ldap proxy/AD + sudo + HBAC

2016-02-15 Thread Birnbaum, Warren (ETW)
Jakub, I am very interested in your standalone HBAC PAM module if you think it would apply in this situation. I would be happy to test it out if helpful. Thanks again for your help, Warren Birnbaum ___ Warren Birnbaum : Infrastructure Services Digital Linux Infrastructure

Re: [Freeipa-users] Question about ldap proxy/AD + sudo + HBAC

2016-02-15 Thread Birnbaum, Warren (ETW)
Jakub, We want to use password stored in AD and get a yes/no from the AD side. My understanding (which is very limited) is that if we use the IPA authentication then it resides in the local kerberos database. Is that not correct? If I am completely off, how would I setup type of authentication

Re: [Freeipa-users] Question about ldap proxy/AD + sudo + HBAC

2016-02-15 Thread Jakub Hrozek
On Mon, Feb 15, 2016 at 03:58:15PM +, Birnbaum, Warren (ETW) wrote: > Jakub, > > We want to use password stored in AD and get a yes/no from the AD side. OK, I see. Yes, with IPA provider you would authenticate the IPA user against the IPA KDC. > My understanding (which is very limited) is

Re: [Freeipa-users] Question about ldap proxy/AD + sudo + HBAC

2016-02-15 Thread Jakub Hrozek
On Mon, Feb 15, 2016 at 11:24:08AM +, Birnbaum, Warren (ETW) wrote: > Hi Jakub, > > Thanks but I have sudo working OK. I'm sorry, my fault.. > What I am trying to make work is HBAC. > That I can't get to work with the proxy hack. Is there a way to do that? I haven't tested that use-case,

Re: [Freeipa-users] Question about ldap proxy/AD + sudo + HBAC

2016-02-15 Thread Alexander Bokovoy
On Mon, 15 Feb 2016, Birnbaum, Warren (ETW) wrote: Alexander, Thanks for letting me know this. Is it true then that my only option is to have the IPA AD trust to achieve AD authentication (proxy style), HBAC and sudo? I'm not sure using 'proxy' term is actually helpful here. IPA does not work

Re: [Freeipa-users] Question about ldap proxy/AD + sudo + HBAC

2016-02-15 Thread Lukas Slebodnik
On (15/02/16 11:45), Birnbaum, Warren (ETW) wrote: >Thanks Lukas. > >Unfortunately setting up an IPA AD Trust is something not possible within >our organization. Is it then fair to say that waiting for Ticket #4623 is >our only option? https://fedorahosted.org/freeipa/ticket/4634 > As I wrote

Re: [Freeipa-users] Question about ldap proxy/AD + sudo + HBAC

2016-02-15 Thread Birnbaum, Warren (ETW)
Alexander, Thanks for letting me know this. Is it true then that my only option is to have the IPA AD trust to achieve AD authentication (proxy style), HBAC and sudo? Thanks ___ Warren Birnbaum : Infrastructure Services Digital Linux Infrastructure Services Europe CDT Techn.

Re: [Freeipa-users] Question about ldap proxy/AD + sudo + HBAC

2016-02-15 Thread Alexander Bokovoy
On Mon, 15 Feb 2016, Birnbaum, Warren (ETW) wrote: Thanks Lukas. Unfortunately setting up an IPA AD Trust is something not possible within our organization. Is it then fair to say that waiting for Ticket #4623 is our only option? https://fedorahosted.org/freeipa/ticket/4634 This ticket is not

Re: [Freeipa-users] Question about ldap proxy/AD + sudo + HBAC

2016-02-15 Thread Birnbaum, Warren (ETW)
Thanks Lukas. Unfortunately setting up an IPA AD Trust is something not possible within our organization. Is it then fair to say that waiting for Ticket #4623 is our only option? https://fedorahosted.org/freeipa/ticket/4634 Thanks, Warren ___ Warren Birnbaum : Infrastructure

Re: [Freeipa-users] Question about ldap proxy/AD + sudo + HBAC

2016-02-15 Thread Lukas Slebodnik
On (15/02/16 09:34), Birnbaum, Warren (ETW) wrote: >Hello, > >I would like to get freeipa to work with a proxy solution ( I currently have >this working with an active directory/no trust authentication and sudo but no >HBAC) including HBAC. I can get sudo to work but not HBAC. I see there is a

Re: [Freeipa-users] Question about ldap proxy/AD + sudo + HBAC

2016-02-15 Thread Birnbaum, Warren (ETW)
Hi Jakub, Thanks but I have sudo working OK. What I am trying to make work is HBAC. That I can't get to work with the proxy hack. Is there a way to do that? Thanks, Warren ___ Warren Birnbaum : Infrastructure Services Digital Linux Infrastructure Services Europe CDT Techn.

Re: [Freeipa-users] Question about ldap proxy/AD + sudo + HBAC

2016-02-15 Thread Jakub Hrozek
On Mon, Feb 15, 2016 at 09:34:33AM +, Birnbaum, Warren (ETW) wrote: > Hello, > > I would like to get freeipa to work with a proxy solution ( I currently have > this working with an active directory/no trust authentication and sudo but no > HBAC) including HBAC. I can get sudo to work but

[Freeipa-users] Question about ldap proxy/AD + sudo + HBAC

2016-02-15 Thread Birnbaum, Warren (ETW)
Hello, I would like to get freeipa to work with a proxy solution ( I currently have this working with an active directory/no trust authentication and sudo but no HBAC) including HBAC. I can get sudo to work but not HBAC. I see there is a ticket for this as a new enhancement #4634 but wanted