[Freeipa-users] HBAC - Limit SSH access to "test" systems

Alexander Skwar alexanders.mailinglists+nospam at gmail.com
Mon Nov 30 09:25:39 UTC 2015


Hello

I'm trying to set up our FreeIPA 4.1.0 (RHEL 7) servers with Ubuntu 14.04
FreeIPA 3.3.4 clients so that users in a user group called "customers"
can only access hosts which are in a host group called "test". Users
from the user group "ops" should be able to access all systems (i.e.
"prod" systems and also those "test" systems).

But I cannot get my head around creating proper HBAC rules/setup…

Could somebody maybe lend me a helping hand?

At the moment, I have set it up so that I modified the "prod" systems'
sshd_config and added "DenyGroups customer" there. On the test systems,
I don't have that line. That works, but it's not using IPA (in a sense…
I do have to modify the host's configuration on the system, which I
dislike. Granted, with Chef, it's not much, but still *G*).


Thanks,

Alexander
-- 
=>        Google+ => http://plus.skwar.me         <==
=> Chat (Jabber/Google Talk) => a.skwar at gmail.com <==
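
The policy asked for above, written as HBAC rules with the `ipa` CLI. This is an added example, not part of the original post or a reply from the list: the rule names, the user `customer1` and the two host names are constructed placeholders, and limiting both groups to the `sshd` service is an assumption taken from the subject line.

```shell
#!/bin/sh
# Added example (not from the original post). The user groups "customers" and
# "ops" and the host group "test" are from the post; rule names, the user
# "customer1" and the host names are constructed placeholders.
# Dry run by default: prints each command. Run with IPA=ipa to apply.
IPA="${IPA:-echo ipa}"

hbac_rules() {
    # customers: sshd only, and only on hosts in host group "test"
    $IPA hbacrule-add customers_ssh_test
    $IPA hbacrule-add-user customers_ssh_test --groups=customers
    $IPA hbacrule-add-host customers_ssh_test --hostgroups=test
    $IPA hbacrule-add-service customers_ssh_test --hbacsvcs=sshd

    # ops: sshd on every enrolled host (host category "all")
    $IPA hbacrule-add ops_ssh_all --hostcat=all
    $IPA hbacrule-add-user ops_ssh_all --groups=ops
    $IPA hbacrule-add-service ops_ssh_all --hbacsvcs=sshd
}

hbac_cutover() {
    # Evaluate only the two new rules while allow_all is still enabled.
    # Expected: denied on the prod host, granted on the test host.
    $IPA hbactest --user=customer1 --host=prod01.example.com --service=sshd \
        --rules=customers_ssh_test --rules=ops_ssh_all
    $IPA hbactest --user=customer1 --host=test01.example.com --service=sshd \
        --rules=customers_ssh_test --rules=ops_ssh_all

    # HBAC rules only grant access. The default allow_all rule lets every
    # user reach every host, so the rules above restrict nothing until it is
    # disabled. Disabling it also removes access to every other PAM service
    # (sudo, console login, ...) that has no rule of its own.
    $IPA hbacrule-disable allow_all
}

hbac_rules
hbac_cutover
```

Once the rules are in force, the `DenyGroups` line in sshd_config on the prod hosts is no longer what enforces the restriction.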