Re: [Freeipa-users] Host Based Access Control and Solaris?

2012-01-04 Thread JR Aquino
On Jan 4, 2012, at 2:39 AM, "Craig T"  wrote:

> Hi,
> 
> Server: RHEL6.2
> Spec: ipa-server-2.1.3-9
> 
> 1) After reading the IPA documentation, it seems that HBAC is only available 
> to SSSD clients. This would suggest that I'm not going to be able to 
> configure it for Solaris hosts? 
> "Using host-based access control requires SSSD to be installed and configured 
> on the IPA client
> machine."

I have written a custom Python PAM module that fully supports HBAC in Linux;
however, it utilizes http://ace-host.stuart.id.au/russell/files/pam_python/,
which is currently not OpenPAM compatible. I've been seeking help to find
someone to port it to OpenPAM, since that is what the BSDs, Solaris, and
Mac OS X use, but I haven't had any luck so far.

> 
> 2) Does this mean that I won't be able to control "who" can log onto our 
> solaris servers? Perhaps I'll have to configure a custom /etc/hosts.deny 
> entry?
> 
> cya
> 
> Craig
> 
> ___
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users



Re: [Freeipa-users] Host Based Access Control and Solaris?

2012-01-04 Thread Sigbjorn Lie
Hi,

You can create netgroups for your Solaris machines. (Example: "ng_ssh_solaris").
Use these netgroups when creating your /etc/hosts.allow and /etc/hosts.deny
files on Solaris.

For your Linux machines, create HBAC groups. (Example: "hbac_ssh_linux"), and
apply an HBAC profile to this HBAC group.

Create a user group (Example: "ssh_access"). Add this user group to both the
HBAC group and the netgroup you just created.

You can now control access to services on both Linux and Solaris simply by
adding and removing users to a single user group, without using SSSD on Solaris.

SSSD would still be nice to see by default in Solaris, but I don't think that
will happen in the near future.

Please also have a look at the following bugzilla report for a bug, and a
workaround for it, in the netgroup compat plugin.

https://bugzilla.redhat.com/show_bug.cgi?id=767372


Regards,
Siggi




On Wed, January 4, 2012 11:38, Craig T wrote:
> Hi,
>
>
> Server: RHEL6.2
> Spec: ipa-server-2.1.3-9
>
>
> 1) After reading the IPA documentation, it seems that HBAC is only available
> to SSSD clients. This would suggest that I'm not going to be able to
> configure it for Solaris hosts?
> "Using host-based access control requires SSSD to be installed and configured
> on the IPA client machine."
>
> 2) Does this mean that I won't be able to control "who" can log onto our
> solaris servers? Perhaps I'll have to configure a custom /etc/hosts.deny
> entry?
>
>
> cya
>
> Craig
>

