0

I have configured kerberos on linux machine to serve as a single point for user authorisation management. now I want to restrict few users from logging into specific linux hosts. for example.

I have user admin, developer and tester. and I have 3 linux client machine which are running with centos7., machine1, machine2 and machine3.

user admin can login to both 3 client machine. user developer can login to client machine1 and machine2. user tester can only login to client machine3.

need guidance to configure the above policy.

chitender kumar
  • 394
  • 4
  • 21
  • 1
    Any details about these hypothetical "machines": Windows? Linux? AIX? IBM mainframe? lawnmower? – Samson Scharfrichter Sep 11 '17 at 21:55
  • these are linux machines with centos7 – chitender kumar Sep 12 '17 at 06:36
  • 1
    Kerberos is about _authentication_, not _authorization_. You need LDAP groups and SSSD configuration > "what groups do that (authenticated) user belong to? does any of these groups grant access to this Linux box?" – Samson Scharfrichter Sep 12 '17 at 07:30
  • I tried to explore the LDAP groups feature but did not able to got clear insight of it. but for my requirement with LDAP I configured the sshd_config of a servers with the directive "AllowUsers user1 user2". which suffice my requirement. – chitender kumar Sep 13 '17 at 21:05

0 Answers0