Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SPEC: build minimal / container oriented SSSD #7262

Draft
wants to merge 9 commits into
base: master
Choose a base branch
from
Draft

SPEC: build minimal / container oriented SSSD #7262

wants to merge 9 commits into from

Conversation

alexey-tikhonov
Copy link
Member

No description provided.

@alexey-tikhonov alexey-tikhonov force-pushed the containers branch 16 times, most recently from fbcfc56 to f127ff9 Compare April 3, 2024 18:00
@alexey-tikhonov alexey-tikhonov mentioned this pull request Apr 3, 2024
Open
@alexey-tikhonov alexey-tikhonov force-pushed the containers branch 6 times, most recently from 19ab13a to 7247ea5 Compare April 6, 2024 13:34
@alexey-tikhonov alexey-tikhonov force-pushed the containers branch 6 times, most recently from d24edcd to 93f7db6 Compare April 26, 2024 12:10
@alexey-tikhonov alexey-tikhonov force-pushed the containers branch 12 times, most recently from a44a325 to 9dd499a Compare August 22, 2024 10:08
@alexey-tikhonov alexey-tikhonov mentioned this pull request Aug 22, 2024
Closed
@slominskir
Copy link

This may also be useful for embedded systems as well. Systems that don't have systemd but are considering running sssd as a sidecar process to handle auth.

@alexey-tikhonov
Copy link
Member Author

Hi @slominskir,

This may also be useful for embedded systems as well. Systems that don't have systemd but are considering running sssd as a sidecar process to handle auth.

Could you please explain your use case in a more details?

Does "sidecar process" means a container? If SSSD runs inside a container, it doesn't matter if host runs Systemd, it matters if Systemd runs inside that container...

Do you use SSSD to auth apps bundled into the same container or do you mount '/var/lib/sss/pipes/' from the container to the host and use 'libnss_sss.so.2' and 'pam_sss.so' on the host?

@slominskir
Copy link

Hi @alexey-tikhonov,
I'm exploring whether SSSD could be used as a generic client for Identity and Access Management as opposed to a Linux specific one. The answer may well be no. If systemd is required the answer is probably no (not practical).

Specifically, we use Red Hat Identity Manager in our network of Red Hat Linux hosts, but we also have other hosts we would like to secure. These other hosts include embedded systems running software such as RTEMS. When I say sidecar I simply mean delegate auth to the separate sssd app instead of handling it inside our own app. Ideally this would all occur on the same host, but it may be possible to network mount /var/lib/sss/pipes from a sidecar host. Any insights you can provide would be appreciated.

@alexey-tikhonov
Copy link
Member Author

Hi @alexey-tikhonov, I'm exploring whether SSSD could be used as a generic client for Identity and Access Management as opposed to a Linux specific one. The answer may well be no. If systemd is required the answer is probably no (not practical).

You can build and use SSSD without Systemd dependency. This PR can be considered as an example.

But I don't know if RTEMS has all required deps, if it's POSIX compatible, etc. I.e. I don't know if you can build natively for RTEMS.

Specifically, we use Red Hat Identity Manager in our network of Red Hat Linux hosts, but we also have other hosts we would like to secure. These other hosts include embedded systems running software such as RTEMS. When I say sidecar I simply mean delegate auth to the separate sssd app instead of handling it inside our own app.

I see, this has nothing to do with "containers" per se.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@alexey-tikhonov @slominskir