[Freeipa-users] Host Based Access Control and Solaris?

Sigbjorn Lie sigbjorn at nixtra.com
Wed Jan 4 10:59:39 UTC 2012


Hi,

You can create netgroups for your Solaris machines. (Example: "ng_ssh_solaris"). Use these
netgroups when creating your /etc/hosts.allow and /etc/hosts.deny files on Solaris.

For your Linux machines, create HBAC groups. (Example: "hbac_ssh_linux"), and apply an HBAC profile
to this HBAC group.

Create a user group (Example: "ssh_access"). Add this user group to both the HBAC group and the
netgroup you just created.

You can now control access to services on both Linux and Solaris simply by adding and removing
users to a single user group, without using SSSD on Solaris.

SSSD would still be nice to see by default in Solaris, but I don't think that will happen in the
near future.

Please also have a look at the following bugzilla report for a bug, and a workaround for it, in
the netgroup compat plugin.

https://bugzilla.redhat.com/show_bug.cgi?id=767372


Regards,
Siggi




On Wed, January 4, 2012 11:38, Craig T wrote:
> Hi,
>
>
> Server: RHEL6.2
> Spec: ipa-server-2.1.3-9
>
>
> 1) After reading the IPA documentation, it seems that HBAC is only available to SSSD clients.
> This would suggest that I'm not going to be able to configure it for Solaris hosts?
> "Using host-based access control requires SSSD to be installed and configured on the IPA client
> machine."
>
> 2) Does this mean that I won't be able to control "who" can log onto our Solaris servers? Perhaps
> I'll have to configure a custom /etc/hosts.deny entry?
>
>
> cya
>
> Craig
>
>

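The server-side objects for the single-group scheme described in the message above, as an added example that is not part of the original thread. It assumes the `ipa` CLI of a current FreeIPA release, reads the "HBAC group" and "HBAC profile" as an HBAC rule scoped to a host group, and uses a hypothetical host group name `hg_ssh_linux`; the `DRY_RUN` wrapper is also an addition.

```shell
#!/bin/sh
# Added example, not from the original thread. Object names ssh_access,
# ng_ssh_solaris and hbac_ssh_linux come from the message; hg_ssh_linux
# is a hypothetical host group for the Linux machines.

# Print each command instead of executing it when DRY_RUN is set,
# so the plan can be reviewed before touching the directory.
run() {
    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

setup_ssh_access() {
    # The one user group that administrators edit from now on.
    run ipa group-add ssh_access --desc="Users allowed to log in over SSH"

    # Solaris side: a netgroup whose only member is that user group.
    run ipa netgroup-add ng_ssh_solaris --desc="SSH users for Solaris hosts"
    run ipa netgroup-add-member ng_ssh_solaris --groups=ssh_access

    # Linux side (SSSD clients): an HBAC rule granting sshd to the same
    # user group on the Linux host group. The rule only restricts logins
    # once the default allow_all rule has been disabled.
    run ipa hostgroup-add hg_ssh_linux --desc="Linux hosts reachable over SSH"
    run ipa hbacrule-add hbac_ssh_linux --desc="SSH access for ssh_access"
    run ipa hbacrule-add-user hbac_ssh_linux --groups=ssh_access
    run ipa hbacrule-add-host hbac_ssh_linux --hostgroups=hg_ssh_linux
    run ipa hbacrule-add-service hbac_ssh_linux --hbacsvcs=sshd
}

# Day-to-day changes touch only the shared user group.
grant_ssh()  { run ipa group-add-member ssh_access --users="$1"; }
revoke_ssh() { run ipa group-remove-member ssh_access --users="$1"; }
```

Source the file on an enrolled host with an admin ticket, run `DRY_RUN=1 setup_ssh_access` to review the commands, then run it without `DRY_RUN` to apply them.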



