On 03/07/2017 01:16 PM, Pavel Březina wrote:
On 03/06/2017 02:49 PM, Jakub Hrozek wrote:
Hi,
I prepared a design page for a new feature about fetching and authenticating non-POSIX users: https://docs.pagure.org/SSSD.sssd/design_pages/non_posix_support.html
For your convenience, I'm also copying the .rst text below:
Support for non-POSIX users and groups
Related ticket(s):
https://pagure.io/SSSD/sssd/issue/3310I find this document quite hard to understand, so I want to ensure I get it right:
- You can't have one domain that return both posix and non-posix users.
- PAM is allowed to login a non-posix users for given services.
- If CACHE_REQ_APP is used, non-posix domains are searched first then
posix domains. 4) If CACHE_REQ_POSIX is used, non-posix domains are skipped. 5) Non-posix domains require fully qualified name. 6) Posix users return only posix groups membership. 7) Non-posix users return both posix and non-posix membership.
And 8) You can have two users, one posix, one non-posix with the same name.
Is this right? Did I miss something important?
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-leave@lists.fedorahosted.org