On 02/11/17 11:57, Alexander Bokovoy wrote: > On la, 11 helmi 2017, Michael Ströder wrote: >> >> (Personally I'd avoid going through PAM.) > Any specific reason for not using pam_sss? Remember, with SSSD involved > you get also authentication for trusted users from Active Directory > realms. You don't get that with generic LDAP way. Also, you'd be more > efficient in terms of utilising LDAP connections. >
I would prefer if the users are not allowed to login into a shell on the Jenkins server. Surely this restriction can be implemented with pam as well. Regards Harri -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
