5.5. Configuring simple Access Provider Rules
The simple access provider allows or denies access based on a list of user names or groups. It enables you to restrict access to specific machines.
For example, you can use the simple access provider to restrict access to a specific user or group. Other users or groups will not be allowed to log in even if they authenticate successfully against the configured authentication provider.
Conditions préalables
-
rootaccess
Procédure
-
Open the
/etc/sssd/sssd.conffile. Set the
access_provideroption tosimple:[domain/your-domain-name] access_provider = simpleDefine the access control rules for users.
-
To allow access to users, use the
simple_allow_usersoption. To deny access to users, use the
simple_deny_usersoption.ImportantIf you deny access to specific users, you automatically allow access to everyone else. Allowing access to specific users is considered safer than denying.
-
To allow access to users, use the
Define the access control rules for groups. Choose one of the following:
-
To allow access to groups, use the
simple_allow_groupsoption. To deny access to groups, use the
simple_deny_groupsoption.ImportantIf you deny access to specific groups, you automatically allow access to everyone else. Allowing access to specific groups is considered safer than denying.
Exemple 5.3. Allowing access to specific users and groups
The following example allows access to user1, user2, and members of group1, while denying access to all other users:
[domain/your-domain-name] access_provider = simple simple_allow_users = user1, user2 simple_allow_groups = group1
-
To allow access to groups, use the
Keeping the deny list empty can lead to allowing access to everyone.
Ressources supplémentaires
-
The
sssd-simple5man page
