-
Notifications
You must be signed in to change notification settings - Fork 249
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SPEC: build minimal / container oriented SSSD #7262
base: master
Are you sure you want to change the base?
Conversation
fbcfc56
to
f127ff9
Compare
19ab13a
to
7247ea5
Compare
d24edcd
to
93f7db6
Compare
93f7db6
to
72284fe
Compare
a44a325
to
9dd499a
Compare
9dd499a
to
58ce984
Compare
This may also be useful for embedded systems as well. Systems that don't have systemd but are considering running sssd as a sidecar process to handle auth. |
Hi @slominskir,
Could you please explain your use case in a more details? Does "sidecar process" means a container? If SSSD runs inside a container, it doesn't matter if host runs Systemd, it matters if Systemd runs inside that container... Do you use SSSD to auth apps bundled into the same container or do you mount '/var/lib/sss/pipes/' from the container to the host and use 'libnss_sss.so.2' and 'pam_sss.so' on the host? |
Hi @alexey-tikhonov, Specifically, we use Red Hat Identity Manager in our network of Red Hat Linux hosts, but we also have other hosts we would like to secure. These other hosts include embedded systems running software such as RTEMS. When I say sidecar I simply mean delegate auth to the separate sssd app instead of handling it inside our own app. Ideally this would all occur on the same host, but it may be possible to network mount /var/lib/sss/pipes from a sidecar host. Any insights you can provide would be appreciated. |
You can build and use SSSD without Systemd dependency. This PR can be considered as an example. But I don't know if RTEMS has all required deps, if it's POSIX compatible, etc. I.e. I don't know if you can build natively for RTEMS.
I see, this has nothing to do with "containers" per se. |
58ce984
to
89346b3
Compare
89346b3
to
dc4d49e
Compare
Those depends on 'systemd' integration.
to be used in containers-like environments where no system wide logger is available.
dc4d49e
to
498183d
Compare
No description provided.