On Sat, Feb 11, 2017 at 02:41:12PM -0500, Mario Rossi wrote:
> Jakub,
>
> For my production servers I enabled local provider on the customer facing
> servers. I have configured an emergency user that will not be shown in
> /etc/passwd. In a hosting environment anyone can get a domain for just
> a few $$ and this exposes passwd file. If I add the account to /etc/passwd
> it could be bruteforced as most brute-forcing scripts will reference the
> file. However if I add it via sss_* tools, the account is invisible to
> them.
>
> I've read the wiki page and I understood the need for replacing it. If
> id_provider=local will be removed I can live without it :)

Interesting use-case. By the way, I've received some other feedback from users who configure the id_provider=local, so I'm no longer sure we can remove it. And, as Sumit noted to me off-list, the local provider is sufficiently tested by Red Hat's QA team, so we are usually reminded quite quickly if something goes south.

Thanks for the response.
