I was working on some more YubiKey token implementations last night and I was asked, “How can I only let people in a specific user group log in to my server?”
This is the perfect example of what “host-based access control” is designed to address.
Every operating system will use host-based access control at some point.
If you take Microsoft Windows, for example, you will be unable to log in to a server unless your user is a member of a specific security group.
With Microsoft Windows, host-based access control, or HBAC as it is commonly called, is managed by Active Directory.
With Red Hat Enterprise Linux, HBAC can be managed in a similar way if you are using the FreeIPA identity management solution.
Of course, not everyone has a straightforward, homogeneous infrastructure.
For example, many of you may have your Linux infrastructure directly connected to Microsoft Active Directory as your identity management solution.