8.2. Generating access control reports using sssctl
You can list the access control rules applied to the machine on which you are running the report because SSSD controls which users can log in to the client.
The access report is not accurate because the tool does not track users locked out by the Key Distribution Center (KDC).
Conditions préalables
- You must be logged in with administrator privileges
-
The
sssctl
tool is available on RHEL 7, RHEL 8, and RHEL 9 systems.
Procédure
To generate a report for the
idm.example.com
domain, enter:[root@client1 ~]# sssctl access-report idm.example.com 1 rule cached Rule name: example.user Member users: example.user Member services: sshd