On Tue, Aug 18, 2015 at 09:05:14PM +0200, Martin Kosek wrote:
> On 08/15/2015 07:05 PM, Natxo Asenjo wrote:
> >
> > On Sat, Aug 15, 2015 at 5:24 PM, Rob Crittenden <rcrit...@redhat.com> wrote:
> >
> > > sipazzo wrote:
> > >
> > > > and my users are able to authenticate to the directory but the hbac
> > > > rules are not being applied. Any user whether given access or not can
> > > > login to the Solaris systems. The "allow-all" rule has been disabled, my
> > > > nsswitch.conf file looks good and I have tried different configs of
> > > > pam.d, including the provided example to try to resolve the issue. Am I
> > > > missing some steps?
> > >
> > > HBAC enforcement is provided by sssd so doesn't work in Solaris.
> >
> > one might try using solaris' RBAC system:
> >
> > http://www.oracle.com/technetwork/systems/security/custom-roles-rbac-jsp-140865.html
> >
> > You would have to distribute your changes to all solaris systems.
> >
> > There is a RBAC ldap schema
> > http://docs.oracle.com/cd/E19455-01/806-5580/6jej518q5/index.html for solaris,
> > but I have never tried using it with freeipa.
> >
> > --
> > Groeten,
> > natxo
>
> Alternatively, you can also contribute to Jakub Hrozek's pam_hbac project:
>
> https://github.com/jhrozek/pam_hbac

btw I have quite a few changes from the last weeks, so yes, I'm still working on this, but the progress is slow, RHEL maintenance tends to eat most time..