Jakub,
For my production servers I enabled the local provider on the customer-facing servers. I have configured an emergency user that will not be shown in /etc/passwd. In a hosting environment anyone can get a domain for just a few $$ and this exposes the passwd file. If I add the account to /etc/passwd it could be brute-forced, as most brute-forcing scripts will reference the file. However, if I add it via the sss_* tools, the account is invisible to them.
I've read the wiki page and I understood the need for replacing it. If id_provider=local will be removed I can live without it :)
Thanks Mario
On 02/10/2017 04:18 AM, Jakub Hrozek wrote:
Hi,
are there any SSSD users who actively use a configuration with: id_provider=local ? If so, what is your use-case?
We're considering deprecating and eventually removing this provider upstream. The replacement for id_provider=local would be id_provider=files: https://fedorahosted.org/sssd/wiki/DesignDocs/FilesProvider which is already under review and later extension of the SSSD's D-Bus interface to allow manipulating custom user attributes.
My current plan for deprecating the local provider is to only build the provider and the tools around it if a configure-time flag is provided. This flag would be disabled by default. Then, if no one complains, eventually just remove the code.