The server my Apache is running on is joined to domain and running sssd.
The point is, that I need to authorize users based on a groups they are member of.
I do not think mod_authz_pam is capable of doing that.
Mod_authz_unixgroup is doing what I need, but that's not in RH repo.
That's why I thought mod_lookup_identity could potentially help here.
From: Jan Pazdziora [mailto:firstname.lastname@example.org]
Sent: Monday, September 03, 2018 10:58 AM
Subject: [SSSD-users] Re: mod_lookup_identity & Apache authorization
I don't think mod_lookup_identity is what you are looking for, it does not deal with
You don't say how your users authenticate, so I'll assume you have that sorted
out. In that case, mod_authnz_pam might be the way to go. You mention you use SSSD, so
account required pam_sss.so
(without the auth module) should delegate the authorization to SSSD.
Jan (not subscribed to the mailing list, replying via WebUI)
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org To unsubscribe send an email
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
The information contained in this e-mail and in any attachments is confidential and is
designated solely for the attention of the intended recipient(s). If you are not an
intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or
any part thereof. If you have received this e-mail in error, please notify the sender by
return e-mail and delete all copies of this e-mail from your computer system(s). Please
direct any additional queries to: communications(a)s3group.com. Thank You. Silicon and
Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office:
South County Business Park, Leopardstown, Dublin 18.