[Freeipa-users] Revisiting auditing and avoiding reinvention of round rolling things
Dmitri Pal
dpal at redhat.com
Mon Mar 18 02:08:57 UTC 2013
On 03/17/2013 12:46 PM, KodaK wrote:
> On Fri, Mar 15, 2013 at 8:54 PM, Dmitri Pal <dpal at redhat.com> wrote:
>> This is what HBAC test is about
> The HBAC test will allow me to see if a single user can access a given
> server. It doesn't give me a list of all the users that are allowed
> to access a given host. I can dump a list of users and run that list
> through an HBAC test, but it takes forever and it just seems like
> there should be a better way.
>
> Thanks for replying -- I may end up filing that ticket.
>
> --Jason
Frankly I do not know a better way. If we had to implement something
like that as a part of CLI we would have to pretty much run through the
user list and see who can and who can not access the host. The
resolution is very complex as it depends on multiplicity of the HBAC
rules and complexity of the group structure.
--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
More information about the Freeipa-users
mailing list