On Mon, September 5, 2011 00:08, Steven Jones wrote:
> Hi,
>> From evaluation purposes I am looking to write test cases to evaluate 
>> authentication products
>> so here is one I am thinking of.
>> From what I can see of IPA it would be fairly easy to implement centrally?
> Lets say I have four users Linux users who are in AD...all on the same 
> server/workstation.
> How would (or is it possible) to set them up so user A can ssh to certain 
> remote servers (group
> A), but user B cannot get to the group A servers. At the same time user B can 
> get to Group B
> servers but A cannot.....In addition to that User C is an admin and he can 
> get to both groups A
> and B.....User D in the meantime cannot get to A or B groups.....but can ssh 
> out to the
> Internet......as can A, B and C.
> Does anyone have any others that are real world situations that I can use as 
> test cases?

I presume you're referring to your AD users after they've been sync'ed to a IPA 

Use Host Based Group Access if the servers are running SSSD, or use old 
fashioned netgroups if
your servers does not run SSSD.



Freeipa-users mailing list

Reply via email to