On 03/06/2017 02:49 PM, Jakub Hrozek wrote:
Hi,
I prepared a design page for a new feature about fetching and
authenticating non-POSIX users:
https://docs.pagure.org/SSSD.sssd/design_pages/non_posix_support.html
For your convenience, I'm also copying the .rst text below:
Support for non-POSIX users and groups
======================================
Related ticket(s):
------------------
https://pagure.io/SSSD/sssd/issue/3310
I find this document quite hard to understand, so I want to ensure I get
it right:
1) You can't have one domain that return both posix and non-posix users.
2) PAM is allowed to login a non-posix users for given services.
3) If CACHE_REQ_APP is used, non-posix domains are searched first then
posix domains.
4) If CACHE_REQ_POSIX is used, non-posix domains are skipped.
5) Non-posix domains require fully qualified name.
6) Posix users return only posix groups membership.
7) Non-posix users return both posix and non-posix membership.
Is this right? Did I miss something important?
_______________________________________________
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
