[Freeipa-users] About AllowGroups with sshd
Jose Alvarez R.
jalvarez at cyberfuel.com
Wed Sep 14 14:37:14 UTC 2016
Hi Jakub
Thanks for your response. It's an option, but my backups servers I will not
add to the FreeIPA server.
Then, I cannot use the option HBAC, because I want my backup server can
connect with root to some client server of my FreeIPA Server.
If I'm doing something wrong, please let me know
Thanks, Regards
Jose Alvarez R.
-----Original Message-----
From: freeipa-users-bounces at redhat.com
[mailto:freeipa-users-bounces at redhat.com] On Behalf Of Jakub Hrozek
Sent: martes 13 de septiembre de 2016 02:22 a.m.
To: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] About AllowGroups with sshd
On Mon, Sep 12, 2016 at 10:00:57AM -0600, Jose Alvarez R. wrote:
> Hello
>
>
>
> I have an question
>
>
>
> I have an FreeIPA 3.0 server(CentOS 6) with some clients servers(CentOS
6).
> I wants enable root a two servers this servers, because they are
> backup servers.
>
>
>
> I add theses lines in /etc/ssh/sshd_config of a client server.
>
>
>
> AllowUsers root at 192.168.20.2
>
> AllowUsers root at 192.168.20.90
>
> PermitRootLogin yes
>
>
>
> This working, but when try login with my user IPA, I can't login.
>
>
>
> I add the line "AllowGroups" with my group of users_IPA
>
>
>
> AllowGroups <group_user>
>
>
>
> But not working, Can you help me ?
>
>
>
> Thanks, Regards
>
>
>
> Jose Alvarez.
I know I'm not answering your question directly, but isn't it better to use
HBAC with IPA and centralize the access control rather than edit config
files on the clients?
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
More information about the Freeipa-users
mailing list