Rui SeabraOct 28, 2024

So I updated my pam module that allows #IBM #AIX to integrate with #FreeIPA to a much improved release.

If there are any people who care, could they help me fix https://www.freeipa.org/page/ConfiguringAixClients by adding information on how to actually have HBAC instead of the very poor man's example in that page?

Check it out here: https://github.com/rseabra/pam_ipahbac/releases/tag/v0.1.0

Configuring AIX clients — FreeIPA documentation

Show threadflat_eric1Feb 10, 2025
@RuiSeabra Hi Rui, thank you for your efforts on this PAM module. In our AIX test environment, I just tried freeIPA with AIX a couple of days ago - and it took me 3 whole days to get this sorted;the documentation is wrong in virtually every step. So if I can help with tests or anything else, please let me know.
One question in advance: PAM ist not that tightly integrated into AIX as it is into Linux; will authentication also work with this PAM module for non-ssh logins, e.g. logins via console?
Show threadRui Seabra

Hi @flat_eric1 thank you so much for trying out my pam module. :)

Please open issues (preferably one pretty issue) detailing what you find as wrong so I can look into it later

It works perfectly on our local setup but, being AIX, it may always be because of some stupid particularity I'm assuming it's general and not local.

Note: I'm not an AIX admin or expert, far from it. :)

Feb 12, 2025 at 9:10pmFedilab
Show threadRui SeabraFeb 23, 2025
@flat_eric1 I've been checking every other day, can you please file the issue you've found so that maybe I can help you and improve whatever you found that was wrong? I'm really looking forward to that. :)
Show threadflat_eric1Mar 3, 2025
@RuiSeabra Hi! I did not find any issue so far - I need to do some testing of your software before. Unfortunately, it has been a busy time lately, and I do not have a use case for your software yet, so I am afraid this needs to wait a bit longer. Even though I am quite curious about your work... :-)
I will let you know as soon as I have any results.
Show threadRui SeabraMar 4, 2025

@flat_eric1
Ah, so it's FreeIPA you need help with?

Which version are you using, Red Hat's IDM or from repos?

#FreeIPA is actually very awesome and solid, but prickly with procedures and not much in the ways of prevention from users shooting both their feet at the same time.

Just stay calm and consider your options.

If you need some professional consultancy, maybe I can help, I manage a domain with many hundreds of users and a few thousands of servers.