On 08/15/2015 07:05 PM, Natxo Asenjo wrote:



On Sat, Aug 15, 2015 at 5:24 PM, Rob Crittenden <rcrit...@redhat.com
<mailto:rcrit...@redhat.com>> wrote:

    sipazzo wrote:


        and my users are able to authenticate to the directory but the hbac
        rules are not being applied. Any user whether given access or not can
        login to the Solaris systems. The "allow-all" rule has been disabled, my
        nsswitch.conf file looks good and I have tried different configs of
        pam.d, including the provided example to try to resolve the issue. Am I
        missing some steps?


    HBAC enforcement is provided by sssd so doesn't work in Solaris.


one might try using solaris' RBAC system:

http://www.oracle.com/technetwork/systems/security/custom-roles-rbac-jsp-140865.html

You would have to distribute your changes to all solaris systems.

There is a RBAC ldap schema
http://docs.oracle.com/cd/E19455-01/806-5580/6jej518q5/index.html for solaris,
but I have never tried using it with freeipa.

--
Groeten,
natxo

Alternatively, you can also contribute to Jakub Hrozek's pam_hbac project:

https://github.com/jhrozek/pam_hbac

:-)

Martin

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to