Christian Reiss via FreeIPA-users wrote:
Hey,
I take it this is not possible an no one does this?
It is not possible. HBAC only provides allow rules.
rob
-Chris.
On 26/07/2019 17:00, Christian Reiss via FreeIPA-users wrote:
> Hey folks,
>
> We are running a lot of server, we nearly exhausted and allocated our
> /29 ipv6 allocation*.
>
> Let's say we have 10 really, really important servers that only a
> handful of people should be able to access. Everyone else not.
>
> So I have a fixed group of known "critical servers" and a dynamic, ever
> changing group of "the rest". As I have not yet found a "negate"
option
> what is the smartest way to allow a fixed group to a fixed set of
> servers, while everyone else has access to everything else but this?
>
>
> Thanks and have a great weekend folks!
> -Chris.
>
> * Alternate facts disclaimer: The given number has been optimized to
> impress, bedazzle and to intimidate. The real number of host might be
> substantially smaller.
>
>
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
>
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...