Hi list,

This is more of a feature request, and I don't know if this is the right venue 
to ask.  If not, kindly direct me to the proper place.

The sssd configuration separates identity, authentication, and access
providers.  It would be nice to specify that only the access provider be
enforced in a particular PAM stack.  Generically, this is the authn vs authz
issue.  I would like to be able to use sssd for authz exclusively in some
instances where other authentication is deemed satisfactory.

Use cases:
ssh with public key + 2nd factor token authentication + sssd access filtering
su without password + sssd access filtering
custom service with external authentication + sssd access filtering

I haven't delved too deeply into the sssd source to see how hard it would be to 
implement something like a pam argument authz_only that skips the auth 
provider, but it seems like it should be reasonable.

Thoughts?

Sincerely,
Zach
_______________________________________________
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org