_______________________________________________Try to make this simple.Have a HBAC, have the "Who" set to a user, have the "Accessing" set to a server.Have the "Via Service" set to "sshd". The user can ssh into the server no issue.I want to limit this user to only being able to sftp into this server (no direct ssh).If I swap the "Via Service" from the sshd service to sftp that user is now denied. They cannot access the server via sftp or ssh. I would expect it to deny ssh access but allow sftp.I did copy "cp /etc/pam.d/sshd /etc/pam.d/sftp" as I saw it mentioned here https://freeipa-users.redhat.narkive.com/tFQFZmNu/hbac-service-allowed-despite-not-listed but that didn't seem to work.Can you point me to the instructions on how to make the HBAC work with a particular service (e.g. sftp)?
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue