Re: [SSSD-users] Use SSSD as a 'proxy'

On Fri, Oct 03, 2014 at 02:01:04PM +0200, Eric VS wrote: > Hi all, > > I'm new to this list and to SSSD. I just set up SSSD so that our admins can > authenticate on Linux using their Active Directory username. For this I > have a centralized 'box' (AUTH01) in the production environment. Everything > works on that single box authenticating to the AD. My question now is if > there's a way to have other Linux VMs (CentOS 6.5) in that environment > authenticate against that AUTH01 instance using only SSSD? Or do I need > something on top of it? > > Sorry if this is a question that's already been asked but I've been > searching the internet without any luck yet. > > Kind regards, > > *Eric * > > *E-mail: vs.eric(a)gmail.com <vs.eric(a)gmail.com&gt;* I don't think this is currently possible, SSSD only supports authentication against an LDAP server, a KDC or variants of the latter (AD, IPA, ...) The IPA server mode currently does something similar, the IPA server which is acting a bit like proxy listens to requests from clients and does a PAM conversation against locally running SSSD which talks to AD servers. But still, there is a component (ns-slapd in that case) that talks to the local SSSD and smart clients that talk to ns-slapd. _______________________________________________ sssd-users mailing list sssd-users(a)lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users