White, Daniel E. (GSFC-770.0)[NICS] via FreeIPA-users wrote:
> Ideally, a command/script I can run on each host that outputs a list of
> users that can log in to that host.
>
> I found this: FreeIPA Issue #7199 [RFE] Central report that will show
> who can access which systems (attestation)
> <https://pagure.io/freeipa/issue/7199>
>
> and followed it upstream to this BugZilla Bug 1492993 - [RFE] Central
> report that will show who can access which systems (attestation)
> <https://bugzilla.redhat.com/show_bug.cgi?id=1492993>
>
> which says it is targeted for RHEL 8 !

I wouldn't read too much into that, it mostly just says that it has no chance of making it into RHEL 7.

> Is there any way to do this in the meantime ?
>
> I can get a list of users, but how do I get to the HBAC rules to filter
> them ?

There is no way now other than running hbac-test iteratively for all your users and hosts. It'd be quite resource-intensive and I imagine slow depending on the number of hosts and users, something to run overnight I imagine.

You might be able to be clever about it depending on your rules if you know, for instance, that a certain set of hosts don't allow ssh access (or is limited to a single group).

rob
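The iteration described in the reply above, as an added example that is not part of the original thread or of FreeIPA itself: it loops `ipa hbactest` over every user for one host. The function names, the default service `sshd` and the script name are assumptions, and it expects a valid Kerberos ticket for an account that can read users and HBAC rules.

```shell
#!/bin/sh
# Added example: report which IPA users HBAC would let in to a given host.
# Assumes `kinit` has been run for an account that can read users and HBAC rules.

# Print one login per line for every IPA user (no search size limit).
list_users() {
    ipa user-find --pkey-only --sizelimit=0 |
        sed -n 's/^[[:space:]]*User login:[[:space:]]*//p'
}

# Succeed when HBAC grants user $1 access to service $3 on host $2.
# stdin is redirected so ipa can neither prompt nor eat the caller's input.
hbac_allows() {
    ipa hbactest --user="$1" --host="$2" --service="$3" </dev/null 2>/dev/null |
        grep -q '^[[:space:]]*Access granted: True'
}

# Print the users allowed to use service $2 (default: sshd) on host $1.
# The body runs in a subshell so its variables stay local.
allowed_users() (
    host=$1
    service=${2:-sshd}
    list_users | while IFS= read -r user; do
        if hbac_allows "$user" "$host" "$service"; then
            printf '%s\n' "$user"
        fi
    done
)

# Usage (hypothetical script name): ./hbac-report.sh host.example.test [service]
if [ "$#" -gt 0 ]; then
    allowed_users "$@"
fi
```

This makes one `ipa hbactest` call per user for each host checked, so the run time grows with users times hosts, which is the cost the reply warns about.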
