Hi,

You can create netgroups for your Solaris machines. (Example: "ng_ssh_solaris"). Use these
netgroups when creating your /etc/hosts.allow and /etc/hosts.deny files on Solaris.

For your Linux machines, create HBAC groups. (Example: "hbac_ssh_linux"), and apply an HBAC
profile to this HBAC group.

Create a user group (Example: "ssh_access"). Add this user group to both the HBAC group and
the netgroup you just created.

You can now control access to services on both Linux and Solaris simply by adding users to
and removing users from a single user group, without using SSSD on Solaris.

SSSD would still be nice to see by default in Solaris, but I don't think that will happen in
the near future.

Please also have a look at the following Bugzilla report for a bug, and a workaround for it,
in the netgroup compat plugin.

https://bugzilla.redhat.com/show_bug.cgi?id=767372


Regards,
Siggi




On Wed, January 4, 2012 11:38, Craig T wrote:
> Hi,
>
>
> Server: RHEL6.2
> Spec: ipa-server-2.1.3-9
>
>
> 1) After reading the IPA documentation, it seems that HBAC is only available to SSSD clients.
> This would suggest that I'm not going to be able to configure it for Solaris hosts?
> "Using host-based access control requires SSSD to be installed and configured on the IPA
> client machine."
>
> 2) Does this mean that I won't be able to control "who" can log onto our Solaris servers?
> Perhaps I'll have to configure a custom /etc/hosts.deny entry?
>
>
> cya
>
> Craig
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
>

