From b23e9400c36acf9856606165489e8828c2cf8dd5 Mon Sep 17 00:00:00 2001
From: "Suren A. Chilingaryan" <csa@suren.me>
Date: Fri, 11 Oct 2019 06:25:21 +0200
Subject: ipa-client and fine tunning

---
 roles/ands_kitauth/README | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 roles/ands_kitauth/README

(limited to 'roles/ands_kitauth/README')

diff --git a/roles/ands_kitauth/README b/roles/ands_kitauth/README
new file mode 100644
index 0000000..d2e820b
--- /dev/null
+++ b/roles/ands_kitauth/README
@@ -0,0 +1,20 @@
+Tasks
+=====
+ - required packages: ssd-ldap
+    * nice tool to manage stuff is realmd (but it only can be used by Activer directory admins, so not for KIT)
+
+ - prepare space for home directories
+    * /home/kit.edu should be created (and optionally mounted to NFS)
+
+ - Automate home creation
+    * Either run
+        authconfig --enablemkhomedir --update
+    * Or  copy script and add in the end of /etc/pam/sshd
+        session    optional     pam_exec.so /usr/local/bin/login_script.sh
+
+
+Considerations
+==============
+ - sssd files should belong to root and has 0600 access.
+
+
-- 
cgit v1.2.3