Jen Malloy
GitHub
commit
c3903f6a17
1 changed files with 6 additions and 35 deletions
|
|
@ -2,9 +2,9 @@
|
|||
|
||||
=== SSSD and FreeIPA Identity Management Integration
|
||||
|
||||
{{book.project.name}} also comes with a built-in https://fedorahosted.org/sssd/wiki[SSSD] (System Security Services Daemon) plugin. SSSD is part of the latest Fedora or Red Hat Enterprise Linux and provides access to multiple identity and authentication providers. It provides benefits such as failover and offline support. To see configuration options and for more information see https://fedorahosted.org/sssd/wiki/Documentation[the Fedora documentation].
|
||||
{{book.project.name}} also comes with a built-in https://fedorahosted.org/sssd/wiki[SSSD] (System Security Services Daemon) plugin. SSSD is part of the latest Fedora or Red Hat Enterprise Linux and provides access to multiple identity and authentication providers. It provides benefits such as failover and offline support. To see configuration options and for more information see https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System-Level_Authentication_Guide/SSSD.html[the Red Hat Enterprise Linux Identity Management documentation].
|
||||
|
||||
SSSD also integrates with the http://www.freeipa.org/page/Main_Page[FreeIPA identity management (IdM)] server, providing authentication and access control. For {book_project_name}, we benefit from this integration authenticating against http://tldp.org/HOWTO/User-Authentication-HOWTO/x115.html[PAM] services and retrieving user data from SSSD.
|
||||
SSSD also integrates with the http://www.freeipa.org/page/Main_Page[FreeIPA identity management (IdM)] server, providing authentication and access control. For {book_project_name}, we benefit from this integration authenticating against http://tldp.org/HOWTO/User-Authentication-HOWTO/x115.html[PAM] services and retrieving user data from SSSD. For more information about using Red Hat Identity Management in Linux environments, see https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html[the Red Hat Enterprise Linux Identity Management documentation].
|
||||
|
||||
image:../../{{book.images}}/keycloak-sssd-freeipa-integration-overview.png[]
|
||||
|
||||
|
|
@ -64,42 +64,13 @@ You must run the provisioning script available from the Keycloak distribution:
|
|||
|
||||
{% if book.product %}
|
||||
|
||||
You must copy and run this provisioning script:
|
||||
You must run this provisioning script:
|
||||
|
||||
[source,bash]
|
||||
[source]
|
||||
----
|
||||
$ .../bin/federation-sssd-setup.sh
|
||||
----
|
||||
|
||||
#!/bin/sh
|
||||
|
||||
# Setup for SSSD
|
||||
SSSD_FILE="/etc/sssd/sssd.conf"
|
||||
|
||||
if [ -f "$SSSD_FILE" ];
|
||||
then
|
||||
sed -i '/ldap_tls_cacert/a ldap_user_extra_attrs = mail:mail, sn:sn, givenname:givenname, telephoneNumber:telephoneNumber' $SSSD_FILE
|
||||
sed -i 's/nss, sudo, pam/nss, sudo, pam, ifp/' $SSSD_FILE
|
||||
sed -i '/\[ifp\]/a allowed_uids = root\nuser_attributes = +mail, +telephoneNumber, +givenname, +sn' $SSSD_FILE
|
||||
systemctl restart sssd
|
||||
else
|
||||
echo "Please make sure you have $SSSD_FILE into your system! Aborting."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Setup for PAM
|
||||
PAM_FILE="/etc/pam.d/keycloak"
|
||||
|
||||
if [ ! -f "$PAM_FILE" ];
|
||||
then
|
||||
cat <<EOF > $PAM_FILE
|
||||
auth required pam_sss.so
|
||||
account required pam_sss.so
|
||||
EOF
|
||||
else
|
||||
echo "$PAM_FILE already exists. Skipping it..."
|
||||
exit 0
|
||||
fi
|
||||
|
||||
----
|
||||
{% endif %}
|
||||
|
||||
This script makes the necessary changes to `/etc/sssd/sssd.conf`:
|
||||
|
|
|
|||
Loading…
Reference in a new issue