5.5. Configuring simple Access Provider Rules
The simple access provider allows or denies access based on a list of user names or groups. It enables you to restrict access to specific machines.

For example, you can use the simple access provider to restrict access to a specific user or group. Other users or groups will not be allowed to log in even if they authenticate successfully against the configured authentication provider.
Prerequisites
- root access
Procedure
- Open the /etc/sssd/sssd.conf file. Set the access_provider option to simple:

  [domain/your-domain-name]
  access_provider = simple

- Define the access control rules for users.
  - To allow access to users, use the simple_allow_users option.
  - To deny access to users, use the simple_deny_users option.

  Important: If you deny access to specific users, you automatically allow access to everyone else. Allowing access to specific users is considered safer than denying.

- Define the access control rules for groups. Choose one of the following:
  - To allow access to groups, use the simple_allow_groups option.
  - To deny access to groups, use the simple_deny_groups option.

  Important: If you deny access to specific groups, you automatically allow access to everyone else. Allowing access to specific groups is considered safer than denying.

Example 5.3. Allowing access to specific users and groups
The following example allows access to user1, user2, and members of group1, while denying access to all other users:

  [domain/your-domain-name]
  access_provider = simple
  simple_allow_users = user1, user2
  simple_allow_groups = group1

Keeping the deny list empty can lead to allowing access to everyone.
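
The allow and deny rules above, as an added example that is not part of the original documentation: a Python check that classifies each domain using the simple access provider by whether its lists fail closed or open, and evaluates a login decision for a given user. The sample domain names and the function names are constructed for illustration; it assumes exact-match names and follows the rule in sssd-simple(5) that a matching deny rule overrides an allow rule.

```python
import configparser

# Constructed sample; the domain names are placeholders, not from a real host.
SAMPLE_CONF = """
[domain/allowlisted]
access_provider = simple
simple_allow_users = user1, user2
simple_allow_groups = group1
[domain/denyonly]
access_provider = simple
simple_deny_users = user3
[domain/norules]
access_provider = simple
"""

def load(conf_text):
    cp = configparser.ConfigParser(interpolation=None)  # values may contain '%'
    cp.read_string(conf_text)
    return cp

def names(section, key):
    """Comma-separated option as a set of names; empty set if unset."""
    return {n.strip() for n in section.get(key, "").split(",") if n.strip()}

def decide(section, user, groups=()):
    """Allow lists first, then a matching deny rule overrides (exact-match names assumed)."""
    allow_u, allow_g = names(section, "simple_allow_users"), names(section, "simple_allow_groups")
    deny_u, deny_g = names(section, "simple_deny_users"), names(section, "simple_deny_groups")
    groups = set(groups)
    allowed = (user in allow_u or bool(groups & allow_g)) if (allow_u or allow_g) else True
    return allowed and user not in deny_u and not (groups & deny_g)

def audit(conf_text):
    """Classify each simple-provider domain by whether its lists fail closed or open."""
    findings = {}
    for name, sec in load(conf_text).items():
        if not name.startswith("domain/") or sec.get("access_provider") != "simple":
            continue
        if names(sec, "simple_allow_users") or names(sec, "simple_allow_groups"):
            findings[name] = "allow-list"  # everyone not listed is denied
        elif names(sec, "simple_deny_users") or names(sec, "simple_deny_groups"):
            findings[name] = "deny-only"   # everyone not listed is allowed
        else:
            findings[name] = "no-rules"    # everyone is allowed
    return findings

if __name__ == "__main__":
    for domain, finding in audit(SAMPLE_CONF).items():
        print(f"{domain}: {finding}")
```

Domains reported as deny-only or no-rules admit any user who authenticates and is not explicitly listed, so they are the ones to review first.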
Additional resources
- The sssd-simple(5) man page