Hi,

You can create netgroups for your Solaris machines. (Example: "ng_ssh_solaris"). Use these netgroups when creating your /etc/hosts.allow and /etc/hosts.deny files on Solaris.

For your Linux machines, create HBAC groups. (Example: "hbac_ssh_linux"), and apply a HBAC profile to this HBAC group.

Create a user group (Example: "ssh_access"). Add this user group to both the HBAC group and the netgroup you just created.

You can now control access to services on both Linux and Solaris simply by adding and removing users to a single user group, without using SSSD on Solaris.

SSSD would still be nice to see by default in Solaris, but I don't think that will happen in the near future.

Please also have a look at the following bugzilla report for a bug, and a workaround for it, in the netgroup compat plugin.

https://bugzilla.redhat.com/show_bug.cgi?id=767372

Regards,
Siggi

On Wed, January 4, 2012 11:38, Craig T wrote:
> Hi,
>
> Server: RHEL6.2
> Spec: ipa-server-2.1.3-9
>
> 1) After reading the IPA documentation, it seems that HBAC is only available
> to SSSD clients.
> This would suggest that I'm not going to be able to configure it for Solaris
> hosts?
> "Using host-based access control requires SSSD to be installed and configured
> on the IPA client machine."
>
> 2) Does this mean that I won't be able to control "who" can log onto our
> Solaris servers? Perhaps I'll have to configure a custom /etc/hosts.deny entry?
>
> cya
>
> Craig
>
> _______________________________________________
> Freeipa-users mailing list
> [email protected]
> https://www.redhat.com/mailman/listinfo/freeipa-users
