[Freeipa-users] HBAC and SUDO rules for legacy clients
Srdjan Dutina
sdutina at gmail.com
Mon Apr 20 14:47:43 UTC 2015
Thank for quick answer!
If I disable HBAC rule, I can still login to Centos 5 client using IPA
user, but not using AD user. Is there a workaround?
I need "allow_all" disabled because of newer IPA clients.
On Mon, Apr 20, 2015 at 4:30 PM Alexander Bokovoy <abokovoy at redhat.com>
wrote:
> On Mon, 20 Apr 2015, Srdjan Dutina wrote:
> >Hi,
> >
> >Testing FreeIPA 4.1.0 (Centos 7 (1503)) with AD 2012 R2 trust.
> >
> >For Centos 5.11 Client (SSSD 1.5.1), will HBAC and SUDO rules function? If
> >yes, does this apply AD users also?
> SSSD 1.5.1 does not have SUDO support.
>
> HBAC support in 1.5.1 will mot likely not work with compat tree that is
> required for legacy clients to support AD users. I don't think this
> was even tested.
>
> --
> / Alexander Bokovoy
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150420/13a3f4ae/attachment.htm>
More information about the Freeipa-users
mailing list