>> Would it be possible to deny ssh access per host without pulling a host
off
>> FreeIPA management?
>
> from-host part of the rule is not enforced by default due to the fact
> that it is pretty easy to fake that one on connection.
>
> You can try to create more specific rules allowing access to t
On Tue, 04 Feb 2014, William Muriithi wrote:
Hello
I have an ipa-server-2.2.0-16.el6.x86_64 server serving different version
of ipa-clients and so far it has been good. I have noticed that some of our
DEVs have started to ssh into some of the systems that I had no intention
of making available t
Hello
I have an ipa-server-2.2.0-16.el6.x86_64 server serving different version
of ipa-clients and so far it has been good. I have noticed that some of our
DEVs have started to ssh into some of the systems that I had no intention
of making available through ssh.
I have tried to revoke specific gr