On Mon, September 5, 2011 00:08, Steven Jones wrote: > Hi, > > >> From evaluation purposes I am looking to write test cases to evaluate >> authentication products >> so here is one I am thinking of. > >> From what I can see of IPA it would be fairly easy to implement centrally? >> > > Lets say I have four users Linux users who are in AD...all on the same > server/workstation. > > > How would (or is it possible) to set them up so user A can ssh to certain > remote servers (group > A), but user B cannot get to the group A servers. At the same time user B can > get to Group B > servers but A cannot.....In addition to that User C is an admin and he can > get to both groups A > and B.....User D in the meantime cannot get to A or B groups.....but can ssh > out to the > Internet......as can A, B and C. > > > Does anyone have any others that are real world situations that I can use as > test cases? >
I presume you're referring to your AD users after they've been sync'ed to a IPA instance...? Use Host Based Group Access if the servers are running SSSD, or use old fashioned netgroups if your servers does not run SSSD. http://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/configuring-host-access.html Regards, Siggi _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users