You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Dear System Roles Community,
I would like to share an idea with you that originated in a discussion with another systems administrator.
My contact has asked me how to configure and manage authentication settings across different RHEL major releases at scale. They face the challenge that the different releases ship different tools. For example, RHEL 7 uses authconfig while RHEL 8 and 9 use authselect and sssctl. Of course you should not use authselect when your host ist part of Red Hat Enterprise Linux Identity Management (IdM) as joining your host to an IdM domain with the ipa-client-install command automatically configures SSSD authentication on your host. And editing the PAM files directly is AFAIK also not recommended. Therefore enhancing pam_pwd or creating a similar role does not seem reasonable.
I understand the desire to have one consistent way to deploy or template the target configuration to all hosts across the infrastructure. Only I lack an idea on how to accomplish this and if it's even possible with reasonable effort. And that's why I brought this topic to the table.
What do you think about this?
Is this something useful to do with a System Role?
Does it seem to complex or the different parts moving to fast to maintain a role for it?
Did I miss important aspects of the overall topic authentication and authorization?
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Dear System Roles Community,
I would like to share an idea with you that originated in a discussion with another systems administrator.
My contact has asked me how to configure and manage authentication settings across different RHEL major releases at scale. They face the challenge that the different releases ship different tools. For example, RHEL 7 uses
authconfig
while RHEL 8 and 9 useauthselect
andsssctl
. Of course you should not useauthselect
when your host ist part of Red Hat Enterprise Linux Identity Management (IdM) as joining your host to an IdM domain with theipa-client-install
command automatically configures SSSD authentication on your host. And editing the PAM files directly is AFAIK also not recommended. Therefore enhancing pam_pwd or creating a similar role does not seem reasonable.I understand the desire to have one consistent way to deploy or template the target configuration to all hosts across the infrastructure. Only I lack an idea on how to accomplish this and if it's even possible with reasonable effort. And that's why I brought this topic to the table.
Looking forward to hearing your thoughts on this.
Best regards,
Joerg
Beta Was this translation helpful? Give feedback.
All reactions