Christian Reiss via FreeIPA-users wrote: > Hey, > > I take it this is not possible an no one does this?
It is not possible. HBAC only provides allow rules. rob > > -Chris. > > On 26/07/2019 17:00, Christian Reiss via FreeIPA-users wrote: >> Hey folks, >> >> We are running a lot of server, we nearly exhausted and allocated our >> /29 ipv6 allocation*. >> >> Let's say we have 10 really, really important servers that only a >> handful of people should be able to access. Everyone else not. >> >> So I have a fixed group of known "critical servers" and a dynamic, ever >> changing group of "the rest". As I have not yet found a "negate" option >> what is the smartest way to allow a fixed group to a fixed set of >> servers, while everyone else has access to everything else but this? >> >> >> Thanks and have a great weekend folks! >> -Chris. >> >> * Alternate facts disclaimer: The given number has been optimized to >> impress, bedazzle and to intimidate. The real number of host might be >> substantially smaller. >> >> >> _______________________________________________ >> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org >> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org >> Fedora Code of Conduct: >> https://docs.fedoraproject.org/en-US/project/code-of-conduct/ >> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >> List Archives: >> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org >> > > > > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org > _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org