After a while, I have tried to install the new OOD 2.0.13. There are many new features compared to the 1.6 - 1.8 versions, in particular the massive support for single sign-on and changes to user mapping.
My question: if I am to shy away from these new features, can I get away with just using the old PAM authenticator? As in: LDAP feeds to SSSD, SSSD feeds to the PAM module (sshd which is copied to OOD); and then I enable the PAM authenticator for OOD instead of using Dex. It will have an additional benefit in that I could use the same user’s home directory creation script that now lives in PAM in our HPC system.
Is there any grave security risk doing the LDAP-SSSD-PAM? Has anyone been using the PAM module? Thanks!
Another thing is, it seems that the user mapping regex that the PAM module documents is gone. If a user mapping is one-to-one, as is the case with PAM, can I just provide an arbitrary script like /bin/echo $1 instead of the missing user_map.regex or whatever it was called?
Thank you very much in advance,
University of Manitoba