On Mon, September 5, 2011 00:08, Steven Jones wrote:
>> From evaluation purposes I am looking to write test cases to evaluate
>> authentication products
>> so here is one I am thinking of.
>> From what I can see of IPA it would be fairly easy to implement centrally?
> Lets say I have four users Linux users who are in AD...all on the same
> How would (or is it possible) to set them up so user A can ssh to certain
> remote servers (group
> A), but user B cannot get to the group A servers. At the same time user B can
> get to Group B
> servers but A cannot.....In addition to that User C is an admin and he can
> get to both groups A
> and B.....User D in the meantime cannot get to A or B groups.....but can ssh
> out to the
> Internet......as can A, B and C.
> Does anyone have any others that are real world situations that I can use as
> test cases?
I presume you're referring to your AD users after they've been sync'ed to a IPA
Use Host Based Group Access if the servers are running SSSD, or use old
fashioned netgroups if
your servers does not run SSSD.
Freeipa-users mailing list