Bug 983133 - [RFE] new ipa command component like "ipa accesscheck"
[RFE] new ipa command component like "ipa accesscheck"
Status: ASSIGNED
Product: Fedora
Classification: Fedora
Component: freeipa (Show other bugs)
rawhide
All All
unspecified Severity medium
: ---
: ---
Assigned To: Rob Crittenden
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-07-10 11:07 EDT by sakodak
Modified: 2013-07-10 20:10 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Feature: I have a need, on occasion, to see who is allowed to access a particular machine, or to check to see what machines a particular user is allowed to connect to. Reason: I have a lot of AIX machines, sssd does not exist for AIX, so I must generate a list of users allowed to connect to any given machine. I would prefer to do this automatically. This would also help in system and user audits. Result (if any):
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description sakodak 2013-07-10 11:07:45 EDT
Description of problem:

Request for enhancement.  I have a need, on occasion, to see who is allowed to access a particular machine, or to check to see what machines a particular user is allowed to connect to.

What I'm asking for is a new function in the ipa command.  The way I envision it would be something like:

ipa accesscheck --user=someuser --hosts

would list all the hosts that someuser has access to.

ipa accesscheck --host=somehost --users

would list all the users allowed to access that host (by default show all services.)

ipa accesscheck --host=somehost --users --service=sshd

would show only users allowed to access somehost through sshd.

Bottom line, I want a list of users allowed to access a given host and a list of hosts a given user is allowed to connect to.  Anything else would be gravy.


Version-Release number of selected component (if applicable):

 n/a


How reproducible:

 n/a

Steps to Reproduce:
1. n/a
2. n/a
3. n/a

Actual results:
 n/a

Expected results:
 n/a

Additional info:
 n/a
Comment 1 Dmitri Pal 2013-07-10 20:10:12 EDT
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/3775

Note You need to log in before you can comment on or make changes to this bug.