On 08/17/2010 06:12 AM, imsand(a)puzzle.ch wrote:
> Hello,
> I’m referring to an older post (May 2008)
> http://lists.fedoraproject.org/pipermail/selinux/2008-May/009449.html
> The question is, if it’s possible to administer SELinux users and RBAC
> stuff (like roles) in LDAP?
> Are there some developments on this?
> What about FreeIPA, do they have some sample code / libraries that I could
> integrate in our company?
> In our company everything relies on LDAP. So I must have a solution for
> integrating SELinux in LDAP.
> Thanks in advance
> imsand

It would be fairly easy to integrate SELinux users and LDAP. We have
suggested to people in the past that they store this data in LDAP and then
use tools, perhaps in a cron job, to extract the data and update the seusers
file. But the problem comes down to: how do you do seusers per machine?
My account on my laptop should be staff_u, but my account on
people.fedoraproject.org or people.redhat.com should be guest_u, as an
example.

IPA is supposed to address this by adding Machine Identity. We had some
discussion on having sssd handle some of this also at LinuxCon.
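
The cron-job approach from the reply above, with the per-machine question handled by a host pattern on each mapping, as an added example (not code from this thread or from any project it mentions). The `selinuxMap` attribute and its `host-glob:seuser:mls-range` syntax are hypothetical, the entries are constructed sample data, and the output uses the `login:seuser:range` layout of the seusers file.

```python
import fnmatch
import re

# Only these SELinux users may be handed out from directory data; anything
# else in LDAP (e.g. sysadm_u) is ignored so the login falls to __default__.
ALLOWED_SEUSERS = {"guest_u", "xguest_u", "user_u", "staff_u"}
LOGIN_RE = re.compile(r"[a-z_][a-z0-9_.-]*")
RANGE_RE = re.compile(r"s\d+(-s\d+)?(:c\d+([.,]c\d+)*)?")

# Constructed sample entries, shaped like the result of an LDAP search.
# "selinuxMap" is a hypothetical attribute: "host-glob:seuser:mls-range".
SAMPLE_ENTRIES = [
    {"uid": "alice", "selinuxMap": ["laptop*:staff_u:s0-s0:c0.c1023",
                                    "people.*:guest_u:s0"]},
    {"uid": "bob", "selinuxMap": ["*:user_u:s0"]},
    {"uid": "mallory", "selinuxMap": ["*:sysadm_u:s0"]},       # not allowed
    {"uid": "eve\nroot", "selinuxMap": ["*:staff_u:s0"]},      # bad login
]

def seusers_lines(entries, hostname):
    """Return seusers-format lines that apply to this machine only."""
    lines = []
    for entry in entries:
        login = entry["uid"]
        if not LOGIN_RE.fullmatch(login):
            continue  # refuse names that could inject extra fields or lines
        for rule in entry.get("selinuxMap", []):
            parts = rule.split(":", 2)  # the MLS range itself contains ':'
            if len(parts) != 3:
                continue
            host_glob, seuser, mls = parts
            if not fnmatch.fnmatchcase(hostname, host_glob):
                continue
            if seuser in ALLOWED_SEUSERS and RANGE_RE.fullmatch(mls):
                lines.append(f"{login}:{seuser}:{mls}")
            break  # first rule matching this host decides, valid or not
    return lines

if __name__ == "__main__":
    for host in ("laptop.example.com", "people.fedoraproject.org"):
        print(host, seusers_lines(SAMPLE_ENTRIES, host))
```

A real job would fetch the entries with an LDAP search and apply the result through `semanage login` rather than writing the seusers file directly.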