Re: [Freeipa-users] Logging of Who does What on IPA Server

2013-02-14 Thread Martin Kosek
On 02/14/2013 08:20 AM, Rajnesh Kumar Siwal wrote: > IPA is going to be very critical Server for any environment. > Do we have proper logging of who has locked whom, Who has created a > sudo policy, who has allowed access to whom etc ? > Hello Rajnesh, the audit component of IPA collecting and pr

[Freeipa-users] Granting rights temporarily

2013-02-14 Thread Dag Wieers
Hi, Another interesting recommendation from security is that all granted access (that is exceptional, rather than permanent) should be limited in time from the onset. If this is not possible all granted access needs to be documented and revised regularly. However a system that would automati

Re: [Freeipa-users] Granting rights temporarily

2013-02-14 Thread Natxo Asenjo
On Thu, Feb 14, 2013 at 10:02 AM, Dag Wieers wrote: > Hi, > > Another interesting recommendation from security is that all granted access > (that is exceptional, rather than permanent) should be limited in time from > the onset. > > If this is not possible all granted access needs to be documented

Re: [Freeipa-users] Logging of Who does What on IPA Server

2013-02-14 Thread Petr Spacek
On 14.2.2013 09:49, Martin Kosek wrote: On 02/14/2013 08:20 AM, Rajnesh Kumar Siwal wrote: IPA is going to be very critical Server for any environment. Do we have proper logging of who has locked whom, Who has created a sudo policy, who has allowed access to whom etc ? Hello Rajnesh, the audi

Re: [Freeipa-users] Granting rights temporarily

2013-02-14 Thread Alexander Bokovoy
On Thu, 14 Feb 2013, Dag Wieers wrote: Hi, Another interesting recommendation from security is that all granted access (that is exceptional, rather than permanent) should be limited in time from the onset. If this is not possible all granted access needs to be documented and revised regular

Re: [Freeipa-users] Logging of Who does What on IPA Server

2013-02-14 Thread Simo Sorce
On Thu, 2013-02-14 at 12:50 +0530, Rajnesh Kumar Siwal wrote: > IPA is going to be very critical Server for any environment. > Do we have proper logging of who has locked whom, Who has created a > sudo policy, who has allowed access to whom etc ? You can see this information by querying LDAP direct

Re: [Freeipa-users] Granting rights temporarily

2013-02-14 Thread Simo Sorce
On Thu, 2013-02-14 at 10:02 +0100, Dag Wieers wrote: > Hi, > > Another interesting recommendation from security is that all granted > access (that is exceptional, rather than permanent) should be limited in > time from the onset. > > If this is not possible all granted access needs to be docume

[Freeipa-users] SOLVED: Re: Logging of Who does What on IPA Server

2013-02-14 Thread Rajnesh Kumar Siwal
Thanks, Simo. It solves my concern, On Thu, Feb 14, 2013 at 7:21 PM, Simo Sorce wrote: > On Thu, 2013-02-14 at 12:50 +0530, Rajnesh Kumar Siwal wrote: >> IPA is going to be very critical Server for any environment. >> Do we have proper logging of who has locked whom, Who has created a >> sudo poli

Re: [Freeipa-users] Granting rights temporarily

2013-02-14 Thread Rich Megginson
On 02/14/2013 06:54 AM, Simo Sorce wrote: On Thu, 2013-02-14 at 10:02 +0100, Dag Wieers wrote: Hi, Another interesting recommendation from security is that all granted access (that is exceptional, rather than permanent) should be limited in time from the onset. If this is not possible all gran

Re: [Freeipa-users] Granting rights temporarily

2013-02-14 Thread Dag Wieers
On Thu, 14 Feb 2013, Alexander Bokovoy wrote: On Thu, 14 Feb 2013, Dag Wieers wrote: So I was wondering whether this is something that was already discussed as a feature for IPA ? Yes, something along these lines was discussed in past. We have three tickets so far in deferred state: https:

Re: [Freeipa-users] Granting rights temporarily

2013-02-14 Thread Simo Sorce
On Thu, 2013-02-14 at 08:30 -0700, Rich Megginson wrote: > On 02/14/2013 06:54 AM, Simo Sorce wrote: > > On Thu, 2013-02-14 at 10:02 +0100, Dag Wieers wrote: > >> Hi, > >> > >> Another interesting recommendation from security is that all granted > >> access (that is exceptional, rather than permane

Re: [Freeipa-users] ipa-server-install IndexError: list index out of range

2013-02-14 Thread Chuck Lever
On Feb 12, 2013, at 6:57 PM, Rob Crittenden wrote: > Rob Crittenden wrote: >> Chuck Lever wrote: >>> >>> On Feb 12, 2013, at 4:24 PM, Rob Crittenden wrote: >>> Chuck Lever wrote: > Hi- > > I'm new to FreeIPA. I'm installing on an up-to-date Fedora 18 > system from the f

Re: [Freeipa-users] RHEL6 IPA and Active Directory synchronisation and Solaris RBAC

2013-02-14 Thread Sigbjorn Lie
On 02/13/2013 04:10 PM, Rob Crittenden wrote: Also since we also require compatibility with Solaris, and roles (RBAC) is currently used on Solaris, does IPA support RBAC on Solaris ? (We noticed that RBAC mentioned in the IPA web interface only relates to IPA management). No, IPA doesn't supp

Re: [Freeipa-users] RHEL6 IPA and Active Directory synchronisation and Solaris RBAC

2013-02-14 Thread Rob Crittenden
Sigbjorn Lie wrote: On 02/13/2013 04:10 PM, Rob Crittenden wrote: Also since we also require compatibility with Solaris, and roles (RBAC) is currently used on Solaris, does IPA support RBAC on Solaris ? (We noticed that RBAC mentioned in the IPA web interface only relates to IPA management).

Re: [Freeipa-users] RHEL6 IPA and Active Directory synchronisation and Solaris RBAC

2013-02-14 Thread Rodney L. Mercer
On Thu, 2013-02-14 at 18:56 +0100, Sigbjorn Lie wrote: > On 02/13/2013 04:10 PM, Rob Crittenden wrote: > > >> > >> Also since we also require compatibility with Solaris, and roles (RBAC) > >> is currently used on Solaris, does IPA support RBAC on Solaris ? (We > >> noticed that RBAC mentioned in

Re: [Freeipa-users] RHEL6 IPA and Active Directory synchronisation and Solaris RBAC

2013-02-14 Thread Dag Wieers
On Thu, 14 Feb 2013, Rob Crittenden wrote: Sigbjorn Lie wrote: On 02/13/2013 04:10 PM, Rob Crittenden wrote: > > Also since we also require compatibility with Solaris, and roles > > (RBAC) > > is currently used on Solaris, does IPA support RBAC on Solaris ? (We > > noticed that RBAC men

Re: [Freeipa-users] RHEL6 IPA and Active Directory synchronisation and Solaris RBAC

2013-02-14 Thread Simo Sorce
On Thu, 2013-02-14 at 21:06 +0100, Dag Wieers wrote: > On Thu, 14 Feb 2013, Rob Crittenden wrote: > > > Sigbjorn Lie wrote: > >> On 02/13/2013 04:10 PM, Rob Crittenden wrote: > >> > >> > > Also since we also require compatibility with Solaris, and roles > >> > > (RBAC) > >> > > is currently

Re: [Freeipa-users] RHEL6 IPA and Active Directory synchronisation and Solaris RBAC

2013-02-14 Thread Rob Crittenden
Dag Wieers wrote: On Thu, 14 Feb 2013, Rob Crittenden wrote: Sigbjorn Lie wrote: On 02/13/2013 04:10 PM, Rob Crittenden wrote: > > Also since we also require compatibility with Solaris, and roles > > (RBAC) > > is currently used on Solaris, does IPA support RBAC on Solaris ? (We > > noti

Re: [Freeipa-users] RHEL6 IPA and Active Directory synchronisation and Solaris RBAC

2013-02-14 Thread Sigbjorn Lie
I agree with schema support being enough for now. I do not expect the ipa mgmt tools to support Solaris rbac mgmt. The ipa mgmt tools are great, but I already have other data in the ipa ldap that I have to manage manually anyway. Rgds, Siggi Rob Crittenden wrote: >Dag Wieers wrote: >> On

Re: [Freeipa-users] Logging of Who does What on IPA Server

2013-02-14 Thread Peter Brown
On 14 February 2013 19:37, Petr Spacek wrote: > On 14.2.2013 09:49, Martin Kosek wrote: > >> On 02/14/2013 08:20 AM, Rajnesh Kumar Siwal wrote: >> >>> IPA is going to be very critical Server for any environment. >>> Do we have proper logging of who has locked whom, Who has created a >>> sudo polic