On Tue, Apr 11, 2017 at 10:50:34PM -0400, Tym Rehm wrote: > So I want a user "bob" to ssh into server1 as the username of "support" > with support@server1, but not let Bob ssh into support@server2. I have > Bob's ssh public key added to the support user. I can block Bob from > server1 or server2 with HBAC, but I have to add support to both servers and > since Bob's keys are added to Support. The support account is able to ssh > into both servers.
Yeah, I think id views could help here, but I haven't tested it myself. > > I've looked into ID view, but I'm having troubles find a good document on > how to setup ID views. Does this help? https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/id-views.html -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project