On Sat, Aug 15, 2015 at 5:24 PM, Rob Crittenden <rcrit...@redhat.com> wrote:
> sipazzo wrote:
>
>> and my users are able to authenticate to the directory but the HBAC
>> rules are not being applied. Any user whether given access or not can
>> log in to the Solaris systems. The "allow-all" rule has been disabled, my
>> nsswitch.conf file looks good and I have tried different configs of
>> pam.d, including the provided example to try to resolve the issue. Am I
>> missing some steps?
>
> HBAC enforcement is provided by sssd so doesn't work in Solaris.

One might try using Solaris' RBAC system:
http://www.oracle.com/technetwork/systems/security/custom-roles-rbac-jsp-140865.html

You would have to distribute your changes to all Solaris systems. There is
an RBAC LDAP schema
http://docs.oracle.com/cd/E19455-01/806-5580/6jej518q5/index.html
for Solaris, but I have never tried using it with FreeIPA.

--
Groeten,
natxo