On Mon, Jul 8, 2013 at 12:50 PM, Rob Crittenden <rcrit...@redhat.com> wrote:

>
> HBAC is enforced by sssd, so no sssd, no HBAC.
>
> I think you need to use pam_access to limit users in AIX.
>
>
I have some work-arounds now, but I'd like to find a way to automate them.
 What
I need is a way to ask IPA "who is allowed to access this particular
server?"

The goal is go just get a list of allowed users, then there are various
mechanisms
I can employ to allow access to only the listed users.  I plan to do this
from the
puppet master so I can push the configs from there.  I have ipa-admintools
and
openldap-clients installed on the puppet master.

Right now I'm iterating through all the hbacrules and grepping for the
server in
question, then getting the details of that rule.  This is a lot of requests.


-- 
The government is going to read our mail anyway, might as well make it
tough for them.  GPG Public key ID:  B6A1A7C6
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to