You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Right now, we have only a user blacklist (filter_users) on the SSSD. It would be nice if we could configure a machine to allow only a limited set of the users from a particular domain to log into a machine.
For example, a corporate laptop may be set up to do ID and AUTH to a corporate server, but maybe we would only want one user (and perhaps a central admin) to have access to the machine.
I know we have the HBAC controls in the FreeIPA backend, but it might be nice to have a generic user_whitelist for non FreeIPA domains.
Cloned from Pagure issue: https://pagure.io/SSSD/sssd/issue/392
Right now, we have only a user blacklist (filter_users) on the SSSD. It would be nice if we could configure a machine to allow only a limited set of the users from a particular domain to log into a machine.
For example, a corporate laptop may be set up to do ID and AUTH to a corporate server, but maybe we would only want one user (and perhaps a central admin) to have access to the machine.
I know we have the HBAC controls in the FreeIPA backend, but it might be nice to have a generic user_whitelist for non FreeIPA domains.
Comments
Comment from dpal at 2010-02-16 15:07:20
Fields changed
milestone: NEEDS_TRIAGE => SSSD 1.1
Comment from sgallagh at 2010-03-09 14:32:29
Fixed by 16ac0d6
doc: 0 => 1
fixedin: => 1.1.0
resolution: => fixed
status: new => closed
tests: 0 => 1
Comment from obriend at 2010-05-18 05:27:27
Added section Configuring Access Control to Deployment Guide
doc: 1 => 0
docupdated: 0 => 1
Comment from jgalipea at 2010-05-19 15:35:08
Fields changed
tests: 1 => 0
testsupdated: 0 => 1
Comment from dpal at 2012-01-19 02:39:45
Fields changed
rhbz: => 0
Comment from sgallagh at 2017-02-24 14:54:30
Metadata Update from @sgallagh:
The text was updated successfully, but these errors were encountered: