Hello Thanks for an awesome product! I have two questions that I can't seem to find answers for...
1). How long is the delay between changing a HBAC rule and it coming into affect on the host machine? Currently this information only seems to be updated on the host after an 'service sssd reload/restart' also are the HBAC access rules are stored within LDAP Directory? 2). We would also like to use FreeIPA in a trusted network but then have perhaps a read-only slave sitting in DMZ with the possibility of not containing the KDC or LDAP password stores on it, is this possible? (Basically authentication being done by a different PAM module, but pam_sss.so still allowing HBAC via the PAM 'account' directive.) Is it possible to have a 'regular' LDAP directory (in the DMZ) just slurping down the required LDAP info? Many Thanks Campbell
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users