On Tue, Apr 11, 2017 at 10:50:34PM -0400, Tym Rehm wrote:
> So I want a user "bob" to ssh into server1 as the username of "support"
> with support@server1, but not let Bob ssh into support@server2. I have
> Bob's ssh public key added to the support user. I can block Bob from
> server1 or server2 with HBAC, but I have to add support to both servers and
> since Bob's keys are added to Support. The support account is able to ssh
> into both servers.

Yeah, I think id views could help here, but I haven't tested it myself.

> 
> I've looked into ID view, but I'm having troubles find a good document on
> how to setup ID views.

Does this help?
    
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/id-views.html

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to