[Freeipa-users] how can i give set of users to one particular host
Ben .T.George
bentech4you at gmail.com
Sun Mar 29 14:18:08 UTC 2015
HI
i have compiled the pam_access modules successfuly and copied access.conf
to /etc/security folder.
i included
other account required pam_access.so
and added
-:ben ben at infra.com:ALL
but still user ben can able to access the machine
anyone achieved this?
On Tue, Mar 24, 2015 at 9:19 PM, Rob Crittenden <rcritten at redhat.com> wrote:
> Ben .T.George wrote:
> > please anyone share bit more information on this like real example
>
> As we've said many times before, we have very little real experience on
> Solaris. We do the best we can and sometimes that is going to be in the
> form of bread crumbs that may be usable to finding your way to a solution.
>
> Access control via PAM is a very-well understood problem on Solaris.
> Once you have users and groups via nss then IPA is largely out of the
> equation. The OS vendor or Solaris-specific groups will know how to do
> this far better than us.
>
> If you find a detailed answer I'd be happy to add it to the freeIPA wiki.
>
> rob
>
> >
> > On Tue, Mar 24, 2015 at 9:03 PM, Rob Crittenden <rcritten at redhat.com
> > <mailto:rcritten at redhat.com>> wrote:
> >
> > Dmitri Pal wrote:
> > > On 03/24/2015 01:15 PM, Ben .T.George wrote:
> > >> Hi
> > >>
> > >> current stage is AD users can able to login to solaris box. But i
> > >> don't up to what level i can control the user.
> > >>
> > >> i don't think to there is much pan modules in solaris. still i
> cannot
> > >> able to make home directory with pam.
> > >
> > > I think pam_groupdn (if available on Solaris) might help but I
> could not
> > > find a clear example to share with you here.
> >
> > I'd suggest looking at pam_access.
> >
> > rob
> >
> > >
> > >>
> > >>
> > >>
> > >> On Tue, Mar 24, 2015 at 4:42 PM, Dmitri Pal <dpal at redhat.com
> <mailto:dpal at redhat.com>
> > >> <mailto:dpal at redhat.com <mailto:dpal at redhat.com>>> wrote:
> > >>
> > >> On 03/24/2015 07:20 AM, Ben .T.George wrote:
> > >>> HI
> > >>>
> > >>> i am using IPA 3.3 and my client is solaris 10.
> > >>>
> > >>> how can i give only some set of users to this client without
> > >>> creating user group in ad?
> > >>>
> > >>> thanks & Regards,
> > >>> Ben
> > >>>
> > >>>
> > >>
> > >> You can create a group in IPA and make Solaris check that
> > group at
> > >> the access phase of PAM if Solaris is capable of checking
> groups
> > >> this way.
> > >>
> > >> --
> > >> Thank you,
> > >> Dmitri Pal
> > >>
> > >> Sr. Engineering Manager IdM portfolio
> > >> Red Hat, Inc.
> > >>
> > >>
> > >> --
> > >> Manage your subscription for the Freeipa-users mailing list:
> > >> https://www.redhat.com/mailman/listinfo/freeipa-users
> > >> Go to http://freeipa.org for more info on the project
> > >>
> > >>
> > >
> > >
> > > --
> > > Thank you,
> > > Dmitri Pal
> > >
> > > Sr. Engineering Manager IdM portfolio
> > > Red Hat, Inc.
> > >
> > >
> > >
> >
> >
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150329/1301e34e/attachment.htm>
More information about the Freeipa-users
mailing list