Bug 1312353 - [RFE] HBAC for Non-SSSD Linux and Unix Systems
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: IPA Maintainers
Namita Soman
: FutureFeature
Depends On:
Reported: 2016-02-26 09:11 EST by Luc de Louw
Modified: 2016-02-29 06:29 EST

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2016-02-29 06:29:55 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Description Luc de Louw 2016-02-26 09:11:07 EST
Description of problem:
Most organizations have a heterogeneous environment with Linux and Unix systems. For Linux, mostly RHEL, IPA is a nice solution for IdM. However, HBAC must also be possible for other Linux and Unix systems.

sssd-ldap in newer versions is using the host attribute, like pam_ldap does. A better solution is probably a portable version of pam_hbac. See https://github.com/jhrozek/pam_hbac

Version-Release number of selected component (if applicable):

How reproducible:
IPA 4.2, RHEL 7.2

Steps to Reproduce:

Actual results:

Expected results:

Additional info:
Comment 3 Jakub Hrozek 2016-02-26 12:41:36 EST
Please note that there's nothing much to do on the server side, all the infra is already there. What we need to do is to finish the pam_hbac module and provide it in some way to our customers.
Comment 4 Martin Kosek 2016-02-29 06:29:55 EST
Correct. This is something we cannot even track here in Red Hat Bugzilla as it is the other platforms that need to adopt the pam_hbac module.
