Hi,
> The former. But you can register users with homed easily. i.e. just
> "upload" a JSON user record to it, and it will manage it. But this
> step is necessary.
That gives me a gratis cache layer on top, right ;)?
But it means that my users will look like homed-managed and cannot be
differen
On Thu, 24.11.22 14:29, Dominik George ([email protected]) wrote:
> Hi Lennart,
>
> > (BTW; I kinda hope that one day systemd-homed could directly
> > authenticate home directories via OIDC too. In fact, I want it so that
> > you can just type in any OpenID identity on a login prompt, and this
> >
Hi Lennart,
> (BTW; I kinda hope that one day systemd-homed could directly
> authenticate home directories via OIDC too. In fact, I want it so that
> you can just type in any OpenID identity on a login prompt, and this
> would authenticate a user and create a local homedir on the fly if
> needed.)
Hi,
> how do you intend to support getty logins, i.e. non-graphical
> text-based only logins, where you cannot just open a web browser? OIDC
> device flow?
Exactly.
> That's tough. PAM has a lot of implicit and explicit state attached to
> the PAM handle... And you can have PAM conversations and
On Thu, 24.11.22 13:36, Dominik George ([email protected]) wrote:
> Hi,
>
> > (BTW; I kinda hope that one day systemd-homed could directly
> > authenticate home directories via OIDC too. In fact, I want it so that
> > you can just type in any OpenID identity on a login prompt, and this
> > would a
Hi,
> (BTW; I kinda hope that one day systemd-homed could directly
> authenticate home directories via OIDC too. In fact, I want it so that
> you can just type in any OpenID identity on a login prompt, and this
> would authenticate a user and create a local homedir on the fly if
> needed.)
that's
On Thu, 24.11.22 12:46, Dominik George ([email protected]) wrote:
> Ah, so what would happen here is that even if the Multiplexer, which
> is privileged, talks to my IPC service and receives the "privileged"
> part, the Multiplexer will strip it off for me unless a privileged
> user is talking to
Hi Lennart,
thanks for your elaborate reply (although I completely missed the big
paragraph on the reasons for Varlink in the docs, making that part a
stupid question on my side ;)).
> Basically, a user record consists of multiple sections (i.e. json
> fields contain subobjects), one is called "pr
On Thu, 24.11.22 00:58, Dominik George ([email protected]) wrote:
> Hi,
>
> for some time now, I have been investigating how to best make a
> desktop system talk to a web API (HTTP, REST) for user management, so
> NSS and PAM make HTTP requests to an API to verify authentication
> (using OIDC) and
Hi,
> IMHO your best solution would be to use https://sssd.io/ and
> https://www.keycloak.org/ to bundle your systems together.
>
> Keycloak would speak to your OIDC provider and translate the information into
> something sssd can understand. sssd then is put into your nsswitch.conf as
> provid
> On 24.11.2022 at 00:58, Dominik George wrote:
>
> Hi,
>
> for some time now, I have been investigating how to best make a
> desktop system talk to a web API (HTTP, REST) for user management, so
> NSS and PAM make HTTP requests to an API to verify authentication
> (using OIDC) and to retrieve
11 matches