
3.7. Managing Login Permissions for Domain Users


By default, domain-side access control is applied, which means that login policies for domain users are defined in the domain itself. This default behavior can be overridden so that client-side access control is used. With client-side access control, login permissions are defined by local policies only.
If a domain applies client-side access control, you can use the realmd system to configure basic allow or deny access rules for users from that domain. Note that these access rules either allow or deny access to all services on the system. More specific access rules must be set on a specific system resource or in the domain.
To set the access rules, use the following two commands:
realm deny
The realm deny command simply denies access to all users within the domain. Use this command with the --all option.
realm permit
The realm permit command can be used to:
  • grant access to all users by using the --all option, for example:
    $ realm permit --all
  • grant access to specified users, for example:
    $ realm permit user@example.com
    $ realm permit 'AD.EXAMPLE.COM\user'
    
  • deny access to specified users by using the -x option, for example:
    $ realm permit -x 'AD.EXAMPLE.COM\user'
Note that allowing access currently only works for users in primary domains, not for users in trusted domains. This is because while user logins must contain the domain name, SSSD currently cannot provide realmd with information about available child domains.

Important

It is safer to allow access only to specifically selected users or groups than to deny access to some while enabling it for everyone else. Therefore, it is not recommended to allow access to all by default while denying it only to specified users with realm permit -x. Instead, Red Hat recommends maintaining a default no-access policy for all users and granting access only to selected users with realm permit.
For more information about the realm deny and realm permit commands, see the realm(8) man page.
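One way to check a host against the recommendation above is to audit the login policy that realmd reports for each joined realm. The script below is an added example, not part of the Red Hat documentation; it assumes that `realm list` prints an unindented realm name followed by indented `login-policy:` and `permitted-logins:` lines, and the sample input is constructed.

```shell
#!/bin/sh
# Added example: flag realms whose login policy is not default-deny.
# Assumes `realm list` prints an unindented realm name followed by indented
# "key: value" lines, including "login-policy:" and "permitted-logins:".

# Constructed sample output (not captured from a real host).
sample_realm_list() {
    cat <<'EOF'
ad.example.com
  type: kerberos
  realm-name: AD.EXAMPLE.COM
  configured: kerberos-member
  login-policy: allow-realm-logins

lab.example.com
  type: kerberos
  realm-name: LAB.EXAMPLE.COM
  configured: kerberos-member
  login-policy: allow-permitted-logins
  permitted-logins: user@lab.example.com
EOF
}

# Reads `realm list` output on stdin. Prints one OK/WARN line per realm plus
# the allowlist entries to review; returns 1 unless every realm's policy is
# allowlist-based or deny-all.
audit_login_policy() {
    awk '
        /^[^[:space:]]/ { realm = $1; next }          # start of a realm block
        $1 == "login-policy:" {
            if ($2 == "allow-permitted-logins" || $2 == "deny-any-login")
                printf "OK   %s %s\n", realm, $2
            else {                                     # e.g. realm permit --all
                printf "WARN %s %s\n", realm, $2
                bad++
            }
        }
        $1 == "permitted-logins:" || $1 == "permitted-groups:" {
            sub(/^[[:space:]]+/, "")
            printf "     %s %s\n", realm, $0
        }
        END { exit (bad > 0) }
    '
}

# --live audits this host; otherwise run on the constructed sample.
if [ "${1:-}" = "--live" ]; then
    realm list | audit_login_policy
else
    sample_realm_list | audit_login_policy || true
fi
```

A WARN line means the realm admits every domain user; the allowlist lines under an OK realm are the accounts to review periodically.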

© 2024 Red Hat, Inc.