Food for thought.

Thanks, Rob
______________________________________________________________________________________________
Daniel E. White
daniel.e.wh...@nasa.gov
NICS Linux Engineer
NASA Goddard Space Flight Center
8800 Greenbelt Road
Building 14, Room E175
Greenbelt, MD 20771
Office: (301) 286-6919
Mobile: (240) 513-5290

From: Rob Crittenden <rcrit...@redhat.com>
Date: Tuesday, January 14, 2020 at 14:21
To: FreeIPA users list <freeipa-users@lists.fedorahosted.org>
Cc: Daniel White <daniel.e.wh...@nasa.gov>
Subject: [EXTERNAL] Re: [Freeipa-users] Adding Hosts that are not ipa-clients ?

White, Daniel E. (GSFC-770.0)[NICS] via FreeIPA-users wrote:
> I am considering the Host Based Access Control features to help manage things in our infrastructure that cannot be ipa-clients - like network hardware (switches, routers)
>
> With the understanding that my servers do not run the DNS, can I create such hosts to use in host groups and HBAC rules?

You can create hosts that don't exist in DNS using --force on the command-line. I'm pretty sure there is the equivalent in the WUI.

And sure you could add them to HBAC rules but enforcement happens on the client and if the client isn't running sssd with the IPA backend...

rob