-
Notifications
You must be signed in to change notification settings - Fork 13
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Documentation for AIX 7.3 added #45
Conversation
🪓 PR closed, deleted preview at https://github.com/freeipa/freeipa.github.io/tree/gh-pages/pull/45/ |
src/page/ConfiguringAixClients.rst
Outdated
* FreeIPA DNS domain | ||
* FreeIPA Kerberos realm | ||
* FreeIPA LDAP base DN | ||
* HBAC rule ID for access to your AIX server (:command:`ipa hbacrule-show <name> --all | grep dn:`) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This assumes that an HBAC rule was created to restrict access to the machine. Perhaps an example of creating such a rule. I assume this isn't mandatory?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No, it is not mandatory. But this is a standard FreeIPA feature, nothing special to AIX. E.g. see https://www.freeipa.org/page/Howto/HBAC_and_allow_all and https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/managing_idm_users_groups_hosts_and_access_control_rules/configuring-host-based-access-control-rules_managing-users-groups-hosts
That's why there is no such example.
Another curious thing I found out, that this page is linked only through FreeIPA V1 Documentation which is not shown anywhere on the doc page. Should I add a link to it on the Howtos https://www.freeipa.org/page/HowTos page?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not everyone sets up separate HBAC rules, particularly not OS-based rules. So perhaps wording saying "If you have or want an HBAC rule to limit connections...." and a link to HBAC_and_allow_all.
We got out of the business of documenting other OS integration because it was difficult to impossible to keep it up to date or to provide any support. A howto link is a good idea and would make it more discoverable.
I did some changes:
|
I have no way to validate the content but this looks ok to me. |
Thank you Rob! |
Added description how to configure AIX 7.3 to be IPA client.