From ee1666cafe2b3c76a68ffa94dee6846831f3b57d Mon Sep 17 00:00:00 2001 From: Andrei Cioara Date: Thu, 16 Apr 2020 01:50:37 -0300 Subject: [PATCH] Added support for SSSD (#311) --- deployment/docker/app/Dockerfile | 2 ++ docker-compose.yml | 13 ++++++++----- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/deployment/docker/app/Dockerfile b/deployment/docker/app/Dockerfile index b2409d0e..6847eba2 100644 --- a/deployment/docker/app/Dockerfile +++ b/deployment/docker/app/Dockerfile @@ -32,6 +32,8 @@ RUN set -x \ && apt-get install -y --no-install-recommends --no-install-suggests \ krb5-user \ libpam-krb5 \ + sssd \ + libpam-sss \ sudo \ curl \ unzip \ diff --git a/docker-compose.yml b/docker-compose.yml index 864a997a..fab7d65e 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -22,15 +22,18 @@ x-variables: - /etc/group:/etc/group:ro - /etc/shadow:/etc/shadow:ro - # Authentication - # passwd/group should be mounted into any container - # needing to share the user/group IDs - # This is the setup for Fred Hutch where we use Ubuntu; for Red Hat you would - # want to use SSSD. + # Authentication: + # passwd/group should be mounted into any container needing to share the user/group IDs - /var/run/nscd/socket:/var/run/nscd/socket - /etc/krb5.conf:/etc/krb5.conf - /etc/pam.d:/etc/pam.d + # Volumes to enable SSSD authentication via PAM in the app container sharing configuration on + # host to support remote authenticaion backends such as Active Directory, LDAP, and FreeIPA + - /var/lib/sss/pipes:/var/lib/sss/pipes + - /var/lib/sss/mc:/var/lib/sss/mc:ro + - /etc/sssd/sssd.conf:/etc/sssd/sssd.conf + # Authentication cannot mount individual files, because the mapping is # based on the inode - /etc:/etc:ro
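Review bot: Installing the full `sssd` package in the `apt-get install` list looks broader than the container needs, because the docker-compose change in this same commit shares the host's SSSD pipes and cache instead of running a daemon in the container. If that reading is right, the client-side modules (`libpam-sss`, plus `libnss-sss` if name lookups should go through SSSD rather than the mounted nscd socket) would be enough, and would keep the daemon and its back ends out of the image. A comment above the `RUN` instruction such as `# SSSD client modules only; the daemon runs on the host` would record the intent. The `RUN` instruction starts and ends outside this hunk.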
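Review bot: The new `/etc/sssd/sssd.conf` mount is read-write, although the container only needs to read it and the neighbouring `/var/lib/sss/mc` mount already uses `:ro`; the file can hold directory bind credentials and should not be alterable from the app container, so use `- /etc/sssd/sssd.conf:/etc/sssd/sssd.conf:ro`. Mounting all of `/var/lib/sss/pipes` also exposes the `private/` sockets that SSSD reserves for root, so it is worth confirming that the app process does not run as root in the container, or documenting why it must. The context comment just below says individual files cannot be mounted because the mapping follows the inode, and that would presumably apply to `sssd.conf` as well if the host file is ever replaced rather than edited in place. The added comment misspells `authenticaion`, and the `x-variables` block starts and ends outside this hunk.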