On 11/08/2012 04:55 AM, Jakub Hrozek wrote: > On Thu, Nov 08, 2012 at 10:41:28AM +0100, Ondrej Valousek wrote: >> Hi List, >> >> Quick question (maybe not the right one for this list). Is there any >> alternative for netgroups in Linux? >> I mean netgroups are tightly bound to NIS which is insecure piece of >> crap so I wonder if there is any new alternative which should (can) >> be used in any new deployment. >> >> Thanks! >> Ondrej > HBAC is the best solution, I think. > > Other than that, access control can be also set per service and per host > in LDAP, see ldap_user_authorized_service or ldap_user_authorized_host. > _______________________________________________ > sssd-users mailing list > [email protected] > https://lists.fedorahosted.org/mailman/listinfo/sssd-users Jakub jumped to conclusion that this is for access control but it might be better to ask: what is the use case?
IPA provides a host grouping mechanism but no software other than SSSD understands hosts and host groups yet. So what do you want to accomplish? Netgroups can also come over LDAP, this is what IPA is capable of. You are not required to use NIS server and protocol for netgroups. -- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ _______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/sssd-users
