On Jan 4, 2012, at 2:39 AM, "Craig T" <free...@noboost.org> wrote:

> Hi,
> 
> Server: RHEL6.2
> Spec: ipa-server-2.1.3-9
> 
> 1) After reading the IPA documentation, it seems that HBAC is only available 
> to SSSD clients. This would suggest that I'm not going to be able to 
> configure it for Solaris hosts? 
> "Using host-based access control requires SSSD to be installed and configured 
> on the IPA client
> machine."

I have written a custom python Pam module that fully supports HBAC in Linux, 
however, it utilizes http://ace-host.stuart.id.au/russell/files/pam_python/. 
Which is currently not OpenPAM compatible.  I've been seeking help to find 
someone to port it to OpenPAM since that is what the BSD's, Solaris, and MacOSX 
use, but I haven't had any luck so far.

> 
> 2) Does this mean that I won't be able to control "who" can log onto our 
> solaris servers? Perhaps I'll have to configure a custom /etc/hosts.deny 
> entry?
> 
> cya
> 
> Craig
> 
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to