RHEL8 Identity


SSSD

  • SSSD connects a Linux system to central identity stores (IdM, AD, LDAP)
  • All information is cached locally for offline use
  • Advanced integration with IdM and AD, integration with Linux (SUDO, SELinux, 2FA)

Modules Evolution

  • pam_pkcs11 is abandoned (upstream decision)
  • nss_ldap & pam_ldap will be removed in the next major release; they receive bug fixes only in RHEL 8
  • SSSD introduces the Kerberos Credential Manager service

Authselect

  • Brand new tool replacing authconfig
    • Main motivation: the administrator no longer builds a PAM stack with a tool (potentially ending up with a broken configuration), but rather selects a tested PAM profile
    • Other motivations: authconfig was a dated component (initiated back in 1999), with no Python 3 support and a deprecated GUI (Python 2.7 support reaches end of life in 2020)
  • Benefits
    • Properly tested profiles – lower risk of lockout
    • Clarity and quality – profiles are easy to read, modify and test
    • Custom profiles – allows the administrator to create and ship their own profiles in /etc/authselect/custom
    • Smaller footprint, written in C
  • Scope: configures authentication and identity resources
    • Generates /etc/nsswitch.conf and the PAM configuration from the selected profile
    • Does not configure the actual PAM modules; that is done by ipa-client-install, realmd, Ansible
  • Compatibility: for applications, scripts and kickstarts that were relying on authconfig, there is now a wrapper around authselect
    • It translates calls to authconfig into calls to authselect
    • Not all options are supported, but the main ones are
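
Because authselect generates /etc/nsswitch.conf and the PAM files from the selected profile, drift from that profile can be detected. The script below is an added example, not part of authselect or of the original post: it audits a tree (for instance a mounted image) for managed files that are no longer the generated symlinks. The function names, the RHEL 8 symlink layout and the header text it matches are assumptions; on a live system `authselect check` is the tool's own validation.

```shell
#!/bin/sh
# Added example: audit an authselect-managed tree for drift. Assumes the RHEL 8
# layout: managed files are symlinks into /etc/authselect, and generated files
# start with "# Generated by authselect". ROOT may be a mounted image; "" is /.

MANAGED="etc/nsswitch.conf etc/pam.d/system-auth etc/pam.d/password-auth"

# Selected profile and features: line 1 of authselect.conf is the profile id,
# the remaining lines are the enabled features.
authselect_profile() {
    [ -r "$1/etc/authselect/authselect.conf" ] || return 1
    tr '\n' ' ' < "$1/etc/authselect/authselect.conf" | sed 's/ *$//'
}

# Return 0 if every managed file is still a symlink to a generated file;
# otherwise print one finding per file and return 1.
authselect_audit() {
    audit_root="$1"; rc=0
    authselect_profile "$audit_root" >/dev/null || { echo "NO-PROFILE"; return 1; }
    for f in $MANAGED; do
        target=$(readlink "$audit_root/$f") || { echo "NOT-SYMLINK $f"; rc=1; continue; }
        case "$target" in
            /etc/authselect/*) ;;
            *) echo "FOREIGN-TARGET $f -> $target"; rc=1; continue ;;
        esac
        # Resolve the absolute target inside ROOT, not on the auditing host.
        head -n 1 "$audit_root$target" 2>/dev/null \
            | grep -q '^# Generated by authselect' || { echo "HAND-EDITED $f"; rc=1; }
    done
    return $rc
}

# Constructed fixture: the tree "authselect select sssd with-mkhomedir" would
# leave behind, with file bodies abbreviated to the two header lines.
make_fixture() {
    fx=$(mktemp -d)
    mkdir -p "$fx/etc/authselect" "$fx/etc/pam.d"
    printf 'sssd\nwith-mkhomedir\n' > "$fx/etc/authselect/authselect.conf"
    for f in $MANAGED; do
        printf '# Generated by authselect on <date>\n# Do not modify this file manually.\n' \
            > "$fx/etc/authselect/${f##*/}"
        ln -s "/etc/authselect/${f##*/}" "$fx/$f"
    done
    echo "$fx"
}
```

Call `authselect_audit /path/to/root` against a mounted image, or `authselect_audit ""` on the running host; a non-zero exit means at least one managed file was replaced or edited outside authselect.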