No Description

Edin Sarajlic 6ccca9ec33 Simplify task name/description 2 years ago
defaults 5cd5af03cd Initial commit. NOTE: Not production ready 3 years ago
files 5cd5af03cd Initial commit. NOTE: Not production ready 3 years ago
handlers 5cd5af03cd Initial commit. NOTE: Not production ready 3 years ago
tasks 6ccca9ec33 Simplify task name/description 2 years ago
README 5cd5af03cd Initial commit. NOTE: Not production ready 3 years ago

README

NOTE: This Ansible role is NOT production-ready.

Created and tested on a Debian Jessie machine.

This is a role for installing and configuring SSSD (see:
https://fedorahosted.org/sssd/) to authenticate against a FreeIPA
server (see: http://www.freeipa.org/).

---

Note to self:

sudo via sssd-ldap is an experimental feature in the version of sssd
(1.8) shipped with Wheezy

SSH task requires that the SSHD server support AuthorizedKeysCommand*
which was introduced in OpenSSH 6.2. Debian Wheezy ships with OpenSSH
6.0.

All of the above probably means that this role will not support Debian
Wheezy clients.

--

More notes to self:

Variables to define:
sssd_sssdconf_path_src: local path to sssd.conf
sssd_certificate_path_src: local path to FreeIPA server's crt (needed to allow LDAPS connections)

Additional tasks provide by this role:
configure_sshd.yml - configures SSH to look up authorized_keys via SSSD