Hi,
On Sat, 5 Jan 2019, 74cmonty via FreeIPA-users wrote:
> How can I restrict access for users to specific hosts?
You can do this with "HBAC-Rules" in "Policy" (Web UI). Example: You have a bunch of users that are supposed to be able to use an IPAfied compute cluster. Create a user group for these users, create a host group for the cluster machines and create an HBAC rule (pretty much self-explanatory; there's also a check mechanism for whether your rule will work as expected).
Downside: There's an "allow_all" rule in place by default that has to be disabled in order for such a mechanism to actually work. Once you disable "allow_all", you have to make sure in advance that all other legitimate users are still able to access their machines. So it is very likely that you will have to additionally create quite a few other HBAC rules. Make a plan before you start.
Mit freundlichen Gruessen/With best regards,
--Daniel.
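
As an added example (not part of the original message and not FreeIPA's own code), here is a simplified Python model of HBAC evaluation that lists which user/host pairs stop working once "allow_all" is disabled. Every user, host, group and rule name other than allow_all is constructed for illustration, and services and nested groups are left out of the model.

```python
from dataclasses import dataclass, field

ALL = "all"  # category value meaning "matches everything", as allow_all uses


@dataclass
class Rule:
    name: str
    users: set = field(default_factory=set)  # user group names, or {ALL}
    hosts: set = field(default_factory=set)  # host group names, or {ALL}
    enabled: bool = True


def allowed(rules, user_groups, host_groups):
    """HBAC rules only allow: access is granted if any enabled rule matches."""
    return any(
        r.enabled
        and bool(ALL in r.users or r.users & user_groups)
        and bool(ALL in r.hosts or r.hosts & host_groups)
        for r in rules
    )


def lockouts(rules, users, hosts, disable="allow_all"):
    """(user, host) pairs that work today but break once `disable` is off."""
    after = [Rule(r.name, r.users, r.hosts, r.enabled and r.name != disable)
             for r in rules]
    return sorted(
        (u, h)
        for u, ug in users.items()
        for h, hg in hosts.items()
        if allowed(rules, ug, hg) and not allowed(after, ug, hg)
    )


# Constructed sample data: user -> user groups, host -> host groups.
USERS = {"alice": {"cluster-users"}, "bob": {"cluster-users"}, "carol": {"staff"}}
HOSTS = {"node01": {"cluster"}, "node02": {"cluster"}, "ws-carol": {"workstations"}}
RULES = [
    Rule("allow_all", {ALL}, {ALL}),
    Rule("cluster_access", {"cluster-users"}, {"cluster"}),
]

if __name__ == "__main__":
    for user, host in lockouts(RULES, USERS, HOSTS):
        print(f"{user} would lose access to {host}")
```

Pairs in the output that are meant to be blocked (carol on the cluster nodes) confirm the restriction; pairs that are legitimate (carol on her own workstation) each need an additional rule before allow_all is disabled.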