On Mon, Jul 8, 2013 at 12:50 PM, Rob Crittenden <rcrit...@redhat.com> wrote:

> HBAC is enforced by sssd, so no sssd, no HBAC.
> I think you need to use pam_access to limit users in AIX.
I have some work-arounds now, but I'd like to find a way to automate them.
I need is a way to ask IPA "who is allowed to access this particular

The goal is go just get a list of allowed users, then there are various
I can employ to allow access to only the listed users.  I plan to do this
from the
puppet master so I can push the configs from there.  I have ipa-admintools
openldap-clients installed on the puppet master.

Right now I'm iterating through all the hbacrules and grepping for the
server in
question, then getting the details of that rule.  This is a lot of requests.

The government is going to read our mail anyway, might as well make it
tough for them.  GPG Public key ID:  B6A1A7C6
Freeipa-users mailing list

Reply via email to