[Freeipa-users] Re: HBAC: Negate?

Mon, 29 Jul 2019 08:32:34 -0700 

Christian Reiss via FreeIPA-users wrote:
> Hey,
> 
> I take it this is not possible an no one does this?

It is not possible. HBAC only provides allow rules.

rob

> 
> -Chris.
> 
> On 26/07/2019 17:00, Christian Reiss via FreeIPA-users wrote:
>> Hey folks,
>>
>> We are running a lot of server, we nearly exhausted and allocated our
>> /29 ipv6 allocation*.
>>
>> Let's say we have 10 really, really important servers that only a
>> handful of people should be able to access. Everyone else not.
>>
>> So I have a fixed group of known "critical servers" and a dynamic, ever
>> changing group of "the rest". As I have not yet found a "negate" option
>> what is the smartest way to allow a fixed group to a fixed set of
>> servers, while everyone else has access to everything else but this?
>>
>>
>> Thanks and have a great weekend folks!
>> -Chris.
>>
>> * Alternate facts disclaimer: The given number has been optimized to
>> impress, bedazzle and to intimidate. The real number of host might be
>> substantially smaller.
>>
>>
>> _______________________________________________
>> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
>> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
>> Fedora Code of Conduct: 
>> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>> List Archives: 
>> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
>>
> 
> 
> 
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
> Fedora Code of Conduct: 
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
> 
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org

Reply via email to