Re: [Freeipa-users] sssd v "other" methods
On 06/23/2011 06:08 PM, Steven Jones wrote: > Hi, > > I didnt really mean point sssd at something else besides IPA, but where any > other "package" can do what sssd and HBAC can achieve > > In a way I'm looking to justify why we buy IPA as opposed to connecting > directly to AD or using something like Likewise. I do not get the question. If you considering Likewise it will extend the AD access controls to the client. It is up to you to compare all the technical and non technical benefits of either approach. Unfortunately we can't help you with any white papers containing comparisons of the alternatives or pricing for IPA at the moment. But we will be very interested to hear your opinion why it is worth or not worth to use IPA + SSSD vs AD + Likewise. > regards > > > From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on > behalf of Stephen Gallagher [sgall...@redhat.com] > Sent: Friday, 24 June 2011 9:32 a.m. > To: freeipa-users@redhat.com > Subject: Re: [Freeipa-users] sssd v "other" methods > > On Thu, 2011-06-23 at 21:17 +, Steven Jones wrote: >> Hi, >> >> looking at sssd enforcing the HBAC, is it possible to [easily] or even >> possible to achieve the same thing with say openlap or 389? > Right now, the SSSD is making certain assumptions that the server > providing the HBAC rules is an IPA server. However, I know that JR > Aquino wrote a pam_python module a while ago that works (without offline > capabilities) with the current HBAC approach. > > Things will get a little more complex when the HBAC rules are extended > to support time ranges, though. But there's no firm timeline on that > yet. > > ___ > Freeipa-users mailing list > Freeipa-users@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users > > -- Thank you, Dmitri Pal Sr. Engineering Manager IPA project, Red Hat Inc. --- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] sssd v "other" methods
Hi, I didnt really mean point sssd at something else besides IPA, but where any other "package" can do what sssd and HBAC can achieve In a way I'm looking to justify why we buy IPA as opposed to connecting directly to AD or using something like Likewise. regards From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on behalf of Stephen Gallagher [sgall...@redhat.com] Sent: Friday, 24 June 2011 9:32 a.m. To: freeipa-users@redhat.com Subject: Re: [Freeipa-users] sssd v "other" methods On Thu, 2011-06-23 at 21:17 +, Steven Jones wrote: > Hi, > > looking at sssd enforcing the HBAC, is it possible to [easily] or even > possible to achieve the same thing with say openlap or 389? Right now, the SSSD is making certain assumptions that the server providing the HBAC rules is an IPA server. However, I know that JR Aquino wrote a pam_python module a while ago that works (without offline capabilities) with the current HBAC approach. Things will get a little more complex when the HBAC rules are extended to support time ranges, though. But there's no firm timeline on that yet. ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] sssd v "other" methods
On Thu, 2011-06-23 at 21:17 +, Steven Jones wrote: > Hi, > > looking at sssd enforcing the HBAC, is it possible to [easily] or even > possible to achieve the same thing with say openlap or 389? Right now, the SSSD is making certain assumptions that the server providing the HBAC rules is an IPA server. However, I know that JR Aquino wrote a pam_python module a while ago that works (without offline capabilities) with the current HBAC approach. Things will get a little more complex when the HBAC rules are extended to support time ranges, though. But there's no firm timeline on that yet. signature.asc Description: This is a digitally signed message part ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
[Freeipa-users] sssd v "other" methods
Hi, looking at sssd enforcing the HBAC, is it possible to [easily] or even possible to achieve the same thing with say openlap or 389? regards ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users