[Freeipa-devel] Generate report of user access levels on each system

Jerel Gilmer jerel.gilmer at gmail.com
Mon May 9 14:33:51 UTC 2016


Thanks Jakub.  My goal for the scripts I wrote would be
to potentially address both:

https://fedorahosted.org/freeipa/ticket/3775

https://fedorahosted.org/sssd/ticket/2840

The scripts could be run centrally from an IdM server and produce a report
for all registered systems in under a few seconds. I have over 1100 systems
in my environment.

Using 'ipa hbactest' to produce a similar report would take too long to
run.

Using the sssd cache on each system would be a local approach that
couldn't be scaled in my environment.

The scripts allow for producing centralized system auditing and reporting.

One issue I noticed users run into is the need to produce reports of a
system's allowed users and sudo rules. Although I can easily list the HBAC
and Sudo rules for each system, trying to pull a user list can be a tedious
task. That's where these scripts come in.
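
An added example, not part of the original post and not the scripts it refers to: one way to turn a set of HBAC-style allow rules into a per-host list of allowed users in a single central pass, instead of testing each user and host pair. The rule layout, group tables and all names are constructed for illustration; the sketch ignores the service dimension of HBAC rules and does not cover sudo rules.

```python
# Constructed sample data; names and field layout are illustrative only.
GROUPS = {"admins": {"alice"}, "dba": {"bob", "carol"},
          "ops": {"dave", "admins"}}            # "ops" nests "admins"
HOSTGROUPS = {"dbservers": {"db1.example.test", "db2.example.test"}}
HOSTS = {"db1.example.test", "db2.example.test", "web1.example.test"}
USERS = {"alice", "bob", "carol", "dave", "erin"}
RULES = [
    {"name": "dba_on_db", "enabled": True,
     "groups": {"dba"}, "hostgroups": {"dbservers"}},
    {"name": "ops_everywhere", "enabled": True,
     "groups": {"ops"}, "all_hosts": True},
    {"name": "erin_web", "enabled": True,
     "users": {"erin"}, "hosts": {"web1.example.test"}},
    {"name": "legacy_all", "enabled": False,    # disabled: must be ignored
     "all_users": True, "all_hosts": True},
]

def expand(name, table, seen=None):
    """Flatten a possibly nested group into leaf members (cycle-safe)."""
    seen = set() if seen is None else seen
    if name in seen:
        return set()
    seen.add(name)
    members = set()
    for m in table.get(name, ()):
        members |= expand(m, table, seen) if m in table else {m}
    return members

def resolve(rule, direct, grouped, wildcard, table, universe):
    """Resolve one side (users or hosts) of a rule to concrete names."""
    if rule.get(wildcard):
        return set(universe)
    names = set(rule.get(direct, ()))
    for g in rule.get(grouped, ()):
        names |= expand(g, table)
    return names & set(universe)

def access_report(rules, groups, hostgroups, hosts, users):
    """Map every host to the set of users allowed by any enabled rule."""
    report = {h: set() for h in hosts}
    for rule in rules:
        if not rule.get("enabled"):
            continue
        allowed = resolve(rule, "users", "groups", "all_users", groups, users)
        for h in resolve(rule, "hosts", "hostgroups", "all_hosts", hostgroups, hosts):
            report[h] |= allowed
    return report

if __name__ == "__main__":
    for host, allowed in sorted(access_report(RULES, GROUPS, HOSTGROUPS, HOSTS, USERS).items()):
        print(host, ",".join(sorted(allowed)))
```

Each rule is expanded once and applied to all matching hosts, so the work grows with the number of rules rather than with users times hosts.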