[Freeipa-users] how can i give set of users to one particular host

Ben .T.George bentech4you at gmail.com
Sun Mar 29 14:18:08 UTC 2015


Hi

I have compiled the pam_access modules successfully and copied access.conf
to the /etc/security folder.

I included

other   account required        pam_access.so

and added
-:ben ben at infra.com:ALL

but user ben is still able to access the machine.

Has anyone achieved this?


On Tue, Mar 24, 2015 at 9:19 PM, Rob Crittenden <rcritten at redhat.com> wrote:

> Ben .T.George wrote:
> > Please, can anyone share a bit more information on this, like a real example?
>
> As we've said many times before, we have very little real experience on
> Solaris. We do the best we can and sometimes that is going to be in the
> form of bread crumbs that may be usable to finding your way to a solution.
>
> Access control via PAM is a very-well understood problem on Solaris.
> Once you have users and groups via nss then IPA is largely out of the
> equation. The OS vendor or Solaris-specific groups will know how to do
> this far better than us.
>
> If you find a detailed answer I'd be happy to add it to the freeIPA wiki.
>
> rob
>
> >
> > On Tue, Mar 24, 2015 at 9:03 PM, Rob Crittenden <rcritten at redhat.com> wrote:
> >
> >     Dmitri Pal wrote:
> >     > On 03/24/2015 01:15 PM, Ben .T.George wrote:
> >     >> Hi
> >     >>
> >     >> The current stage is that AD users are able to log in to the Solaris box. But I
> >     >> don't know up to what level I can control the user.
> >     >>
> >     >> I don't think there are many PAM modules in Solaris. I still cannot
> >     >> make a home directory with PAM.
> >     >
> >     > I think pam_groupdn (if available on Solaris) might help but I could not
> >     > find a clear example to share with you here.
> >
> >     I'd suggest looking at pam_access.
> >
> >     rob
> >
> >     >
> >     >>
> >     >>
> >     >>
> >     >> On Tue, Mar 24, 2015 at 4:42 PM, Dmitri Pal <dpal at redhat.com> wrote:
> >     >>
> >     >>     On 03/24/2015 07:20 AM, Ben .T.George wrote:
> >     >>>     Hi
> >     >>>
> >     >>>     I am using IPA 3.3 and my client is Solaris 10.
> >     >>>
> >     >>>     How can I give only some set of users to this client without
> >     >>>     creating a user group in AD?
> >     >>>
> >     >>>     thanks & Regards,
> >     >>>     Ben
> >     >>>
> >     >>>
> >     >>
> >     >>     You can create a group in IPA and make Solaris check that group at
> >     >>     the access phase of PAM if Solaris is capable of checking groups
> >     >>     this way.
> >     >>
> >     >>     --
> >     >>     Thank you,
> >     >>     Dmitri Pal
> >     >>
> >     >>     Sr. Engineering Manager IdM portfolio
> >     >>     Red Hat, Inc.
> >     >>
> >     >>
> >     >>
> >     >>
> >     >
> >     >
> >     > --
> >     > Thank you,
> >     > Dmitri Pal
> >     >
> >     > Sr. Engineering Manager IdM portfolio
> >     > Red Hat, Inc.
> >     >
> >     >
> >     >
> >
> >
>
>
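
An added example, not part of the thread: a small evaluator that shows which access.conf line decides for a given login name, applied to a rule modelled on the one posted and to the group-based approach suggested above. It assumes Linux-PAM pam_access matching rules (first matching line decides, no match grants access, `user@host` in the users field means that user on the machine named `host`), which a Solaris build of the module may not share; `evaluate`, `sol10` and `solaris_users` are hypothetical names.

```python
# Added example: simplified evaluator for access.conf rules (Linux-PAM semantics assumed).
# Not covered: netgroups (@name), IP/netmask origins, tty names.

def _list_match(tokens, match_one):
    """True if any token matches; 'A EXCEPT B' means A matches and B does not."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return _list_match(tokens[:i], match_one) and not _list_match(tokens[i + 1:], match_one)
    return any(match_one(t) for t in tokens)

def _origin_match(tok, origin):
    if tok == "ALL":
        return True
    if tok == "LOCAL":                      # LOCAL: origin without a dot
        return "." not in origin
    if tok.startswith("."):                 # .example.com: domain suffix
        return origin.lower().endswith(tok.lower())
    return tok.lower() == origin.lower()

def _user_match(tok, user, groups, localhost):
    if tok == "ALL":
        return True
    if tok.startswith("(") and tok.endswith(")"):
        return tok[1:-1] in groups          # (group): group membership only
    if not tok.startswith("@") and "@" in tok:
        # user@host: login name 'user' on the machine named 'host',
        # not a domain-qualified login name.
        name, host = tok.split("@", 1)
        return _user_match(name, user, groups, localhost) and _origin_match(host, localhost)
    return tok == user or tok in groups

def evaluate(conf, user, groups=(), origin="console", localhost="localhost"):
    """Return (granted, deciding_rule). First matching rule decides; no match grants."""
    for raw in conf.splitlines():
        line = raw.strip()
        fields = [f.strip() for f in line.split(":", 2)]
        if line.startswith("#") or len(fields) != 3 or fields[0] not in ("+", "-"):
            continue                        # comment, blank or malformed line
        perm, users, origins = fields
        if (_list_match(users.split(), lambda t: _user_match(t, user, groups, localhost))
                and _list_match(origins.split(), lambda t: _origin_match(t, origin))):
            return perm == "+", line
    return True, None

# Constructed rule modelled on the post (the archive's " at " written as "@").
POSTED = "-:ben ben@infra.com:ALL"
# Hypothetical group-based rules: only members of solaris_users get in.
GROUP_RULES = "+:(solaris_users):ALL\n-:ALL:ALL"
```

Under these assumptions `evaluate(POSTED, "ben")` is denied, while the login name `ben@infra.com` matches no token and falls through to the default grant. The result only says what the rules decide when the module is consulted with that name, not whether the PAM stack calls the module for the service in use.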