sssd可能是更具“前瞻性”的选择.在这种程度上,其他答案是正确的.也就是说,与流行的观点相反,sssd并没有完全取代nslcd的功能.
nslcd优于sssd的主要(情境)优势是您可以编写带参数替换的自定义authz查询:
pam_authz_search FILTER
This option allows flexible fine tuning of the authorisation check that should be performed. The search filter specified is executed and if any entries
match, access is granted, otherwise access is denied.
The search filter can contain the following variable references: $username, $service, $ruser, $rhost, $tty, $hostname, $dn, and $uid. These references
are substituted in the search filter using the same syntax as described in the section on attribute mapping expressions below.
For example, to check that the user has a proper authorizedService value if the attribute is present: (&(objectClass=posixAccount)(uid=$username)
(|(authorizedService=$service)(!(authorizedService=*))))
The default behaviour is not to do this extra search and always grant access.
我最后一次检查sssd文档(在过去六个月内),仍然没有替换此功能.所以这真的取决于这个功能是否足够重要,以撇开sssd整合解决方案的好处.
2070
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
