OK.  I have done this and am using the pam stack that is the result of
what you here describe.

A few threads back you mentioned that this could be a reason why my hbac
are not restricting access.  I have no hbac rules currently and any active
directory user can access any host.  Is there something else I could look
at to see why this is happening?

Warren Birnbaum : Infrastructure Services
Web Automation Engineer
Europe CDT Techn. Operations
Nike Inc. : Mobile +31 6 23902697

On 1/25/16, 2:11 PM, "Alexander Bokovoy" <aboko...@redhat.com> wrote:

>On Mon, 25 Jan 2016, Birnbaum, Warren (ETW) wrote:
>>Thanks Alexander.  Is there a place where there are example pam stacks
>>that work with active directory and hbac?
>Defaults in RHEL/Fedora should be enough:
> - install RHEL/Fedora,
> - apply ipa-client-install,
>then you get proper setup. That's what is tested and supported.
>ipa-client-install would run authconfig utility with correct parameters
>to set PAM stack properly.
>/ Alexander Bokovoy

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to