Hi,

On Wed, Jan 03, 2018 at 04:03:39PM +0100, Michael Ströder wrote:
> Sudarshan Soma wrote:
> > Does sssd/NSS have a way to fetch user names from sources like
> > RADIUS/TACACS server?
> My impression is that while this might be theoretically possible, nobody
> does this. Especially it's not clear to me how you would push group
> membership to the system. And AFAICS in case of TACACS+ there's also
> only a single "role" available (translate this to single group).

Just for the sake of completeness: TACACS+ can return arbitrary
key-value pairs, so you can build whatever authorization / grouping
scheme on top of TACACS+ that you want.

Not sure anyone has done that before, so this advice is still valid:

> So the usual answer is: Use LDAP.

... as more people have done it, thus more software supports it, and
things are more likely to "just work".

gert
--
now what should I write here...

Gert Doering - Munich, Germany gert@xxxxxxxxxxxxxx
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev