Hi, > IMHO your best solution would be to use https://sssd.io/ and https://www.keycloak.org/ to bundle your systems together. > > Keycloak would speak to your OIDC provider and translates the information in something sssd can understand. sssd than is put into your nsswitch.conf as provider for users, groups, etc. Thanks for the advice, but I don't see how it helps with my questions on how to build a system that does *not* do what you proposed. -nik
Attachment:
signature.asc
Description: PGP signature
