On Fri, Sep 10, 2021 at 3:20 AM Daniil Kirilyuk <daniel.kirilyuk@gmail.com> wrote:
> We're developing a Java application which should authenticate users against both LDAP and custom-formatted files containing user information. Both username/password and certificate authentication are planned to be supported. Our application should run mainly on RHEL. We were estimating the possibility of using SSSD for this purpose. After some investigation it seems that SSSD can be called from Java code only via D-Bus. It also seems that it can be used mainly for fetching user information, but not for authentication.
If your application runs primarily on RHEL, it might make more sense to use PAM (maybe via JNI?) instead of hardcoding the use of sssd. (Typically, on Linux systems, sssd is called via PAM.)
That way, system administrators would have near-complete flexibility in configuring your application’s authentication, because they could do so via PAM… like virtually every other Linux application that needs to perform user authentication.