[Freeipa-users] how can i give set of users to one particular host

Rob Crittenden rcritten at redhat.com
Tue Mar 24 18:19:16 UTC 2015


Ben .T.George wrote:
> Can anyone please share a bit more information on this, like a real example?

As we've said many times before, we have very little real experience on
Solaris. We do the best we can, and sometimes that is going to be in the
form of bread crumbs that may be usable for finding your way to a solution.

Access control via PAM is a very well-understood problem on Solaris.
Once you have users and groups via nss then IPA is largely out of the
equation. The OS vendor or Solaris-specific groups will know how to do
this far better than us.

If you find a detailed answer I'd be happy to add it to the freeIPA wiki.

rob

> 
> On Tue, Mar 24, 2015 at 9:03 PM, Rob Crittenden <rcritten at redhat.com> wrote:
> 
>     Dmitri Pal wrote:
>     > On 03/24/2015 01:15 PM, Ben .T.George wrote:
>     >> Hi
>     >>
>     >> The current stage is that AD users are able to log in to the Solaris box. But I
>     >> don't know up to what level I can control the user.
>     >>
>     >> I don't think there are many PAM modules in Solaris. Still, I am not
>     >> able to make a home directory with PAM.
>     >
>     > I think pam_groupdn (if available on Solaris) might help but I could not
>     > find a clear example to share with you here.
> 
>     I'd suggest looking at pam_access.
> 
>     rob
> 
>     >
>     >>
>     >>
>     >>
>     >> On Tue, Mar 24, 2015 at 4:42 PM, Dmitri Pal <dpal at redhat.com> wrote:
>     >>
>     >>     On 03/24/2015 07:20 AM, Ben .T.George wrote:
>     >>>     Hi
>     >>>
>     >>>     I am using IPA 3.3 and my client is Solaris 10.
>     >>>
>     >>>     How can I give only some set of users to this client without
>     >>>     creating a user group in AD?
>     >>>
>     >>>     Thanks & Regards,
>     >>>     Ben
>     >>>
>     >>>
>     >>
>     >>     You can create a group in IPA and make Solaris check that group at
>     >>     the access phase of PAM if Solaris is capable of checking groups
>     >>     this way.
>     >>
>     >>     --
>     >>     Thank you,
>     >>     Dmitri Pal
>     >>
>     >>     Sr. Engineering Manager IdM portfolio
>     >>     Red Hat, Inc.
>     >>
>     >>
>     >>
>     >>
>     >
>     >
>     > --
>     > Thank you,
>     > Dmitri Pal
>     >
>     > Sr. Engineering Manager IdM portfolio
>     > Red Hat, Inc.
>     >
>     >
>     >
> 
> 
