[Freeipa-users] Where do I find info on how to allow or stop users logging into hosts?

JR Aquino JR.Aquino at citrix.com
Tue Jun 14 01:10:41 UTC 2011


1) Create an HBAC rule or rules: choose allow or deny
2) Add users/usergroups to the rule
3) Add hosts/hostgroups to the rule
4) Disable the default 'allow all' rule

Now any system that has SSSD 1.5 will enforce those HBAC rules.

For systems that do not support SSSD, I have been working on a proof-of-concept authorization module for HBAC written in Python.

-JR

On Jun 13, 2011, at 5:32 PM, Steven Jones wrote:

> Hi,
> 
> I've seen/read it... and I have a hard copy on my desk in front of me right now...
> 
> I find it typical of such documents: it has lots of sections in great detail but it doesn't tell you how to achieve anything end to end... and often it gives you written instructions on visual tasks, so if you are not in the right bit of the GUI you go nowhere... So it needs far more screenshots and wizards...
> 
> regards
> ________________________________________
> From: JR Aquino [JR.Aquino at citrix.com]
> Sent: Tuesday, 14 June 2011 11:53 a.m.
> To: Steven Jones
> Cc: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] Where do I find info on how to allow or stop users logging into hosts?
> 
> On Jun 13, 2011, at 4:43 PM, Steven Jones wrote:
> 
>> I have put 3 clients into a netgroup and added a user, however when I remove the user from the netgroup the user can still log in! Even if the user wasn't ever in the netgroup they can log in...
>> 
>> So how do I stop that?
>> 
>> When will we see some documentation on doing user admin tasks like this?
> 
> Have a look at this:
> 
> http://obriend.fedorapeople.org/freeIPA2.0/Identity_and_Policy_Management_Guide/html-single/#sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies
> 
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
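
The effect of the four steps above can be seen in a small model of HBAC rule evaluation. This is an added example, not part of the original message and not the proof-of-concept module mentioned in it; the rule fields, the deny-over-allow precedence, the default-deny fallback and all sample names are assumptions of this sketch.

```python
from dataclasses import dataclass, field

@dataclass
class Rule:
    name: str
    kind: str = "allow"                      # step 1: "allow" or "deny"
    users: set = field(default_factory=set)  # step 2
    usergroups: set = field(default_factory=set)
    hosts: set = field(default_factory=set)  # step 3
    hostgroups: set = field(default_factory=set)
    all_users: bool = False                  # set on the default 'allow all' rule
    all_hosts: bool = False
    enabled: bool = True

    def matches(self, user, host, groups_of, hostgroups_of):
        user_ok = (self.all_users or user in self.users
                   or bool(self.usergroups & groups_of.get(user, set())))
        host_ok = (self.all_hosts or host in self.hosts
                   or bool(self.hostgroups & hostgroups_of.get(host, set())))
        return self.enabled and user_ok and host_ok

def may_login(user, host, rules, groups_of, hostgroups_of):
    """Decide a login under this simplified model (not SSSD's real evaluator)."""
    hits = [r for r in rules if r.matches(user, host, groups_of, hostgroups_of)]
    if any(r.kind == "deny" for r in hits):      # assumption: deny wins
        return False
    return any(r.kind == "allow" for r in hits)  # assumption: no match, no login

# Constructed sample data, not taken from the thread.
GROUPS_OF = {"alice": {"webadmins"}, "bob": set()}
HOSTGROUPS_OF = {"web1.example.com": {"webservers"}, "db1.example.com": set()}

def demo(allow_all_enabled):
    """Return (bob on web1, alice on web1, alice on db1) for one rule set."""
    rules = [
        Rule("allow_all", all_users=True, all_hosts=True, enabled=allow_all_enabled),
        Rule("web_access", usergroups={"webadmins"}, hostgroups={"webservers"}),
    ]
    return tuple(may_login(u, h, rules, GROUPS_OF, HOSTGROUPS_OF)
                 for u, h in [("bob", "web1.example.com"),
                              ("alice", "web1.example.com"),
                              ("alice", "db1.example.com")])

if __name__ == "__main__":
    print("allow_all enabled: ", demo(True))
    print("allow_all disabled:", demo(False))
```

While the catch-all rule stays enabled, membership in the narrower rule changes nothing: every user matches on every host. Only after step 4 does the `web_access` rule decide who gets in.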




