[Freeipa-users] Test scenario
Sigbjorn Lie
sigbjorn at nixtra.com
Mon Sep 5 09:29:08 UTC 2011
On Mon, September 5, 2011 00:08, Steven Jones wrote:
> Hi,
>
>
>> From evaluation purposes I am looking to write test cases to evaluate authentication products
>> so here is one I am thinking of.
>
>> From what I can see of IPA it would be fairly easy to implement centrally?
>>
>
> Lets say I have four users Linux users who are in AD...all on the same server/workstation.
>
>
> How would (or is it possible) to set them up so user A can ssh to certain remote servers (group
> A), but user B cannot get to the group A servers. At the same time user B can get to Group B
> servers but A cannot.....In addition to that User C is an admin and he can get to both groups A
> and B.....User D in the meantime cannot get to A or B groups.....but can ssh out to the
> Internet......as can A, B and C.
>
>
> Does anyone have any others that are real world situations that I can use as test cases?
>
I presume you're referring to your AD users after they've been sync'ed to a IPA instance...?
Use Host Based Group Access if the servers are running SSSD, or use old fashioned netgroups if
your servers does not run SSSD.
http://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/configuring-host-access.html
Regards,
Siggi
More information about the Freeipa-users
mailing list