On Mon, Jul 8, 2013 at 12:50 PM, Rob Crittenden <[email protected]> wrote:
> > HBAC is enforced by sssd, so no sssd, no HBAC. > > I think you need to use pam_access to limit users in AIX. > > I have some work-arounds now, but I'd like to find a way to automate them. What I need is a way to ask IPA "who is allowed to access this particular server?" The goal is go just get a list of allowed users, then there are various mechanisms I can employ to allow access to only the listed users. I plan to do this from the puppet master so I can push the configs from there. I have ipa-admintools and openldap-clients installed on the puppet master. Right now I'm iterating through all the hbacrules and grepping for the server in question, then getting the details of that rule. This is a lot of requests. -- The government is going to read our mail anyway, might as well make it tough for them. GPG Public key ID: B6A1A7C6
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
