Controls/gitea-pages
0
2
Fork 0
Code Pull Requests Actions Activity

added bastions

Browse Source
This commit is contained in:
bruhn_b
2024-09-20 11:49:56 +02:00
parent 6ce88ceb0f
commit 8ed71f6706
3 changed files with 17 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
_toc.yml
+1
View File
@@ -31,6 +31,7 @@ chapters:
- file: admin-guide/authentication
sections:
- file: admin-guide/authentication/system_access
- file: admin-guide/authentication/bastion_hosts
- file: admin-guide/deployment
sections:
admin-guide/authentication/bastion_hosts.md
+15
View File
@@ -0,0 +1,15 @@
# Bastions
This parameter determines whether root logins are only possible from the hosts listed in bastions. Normally the value is taken from the network property of the same name, but this parameter allows overriding the network setting through Hiera.
### Use bastions
Boolean value
```
aaa::user_bastions: true
```
### Bastion host definitions
A list of FQDNs. If use_bastions is true, then root logins are only allowed from the hosts on this list. Note: If the list is empty, login is unrestricted again!
```
- 'wmgt01.psi.ch'
- 'wmgt02.psi.ch'
```
admin-guide/authentication/system_access.md
+1 -1
View File
@@ -14,6 +14,6 @@ To give root access for AD user accounts or groups via sudo.
```
aaa::admins:
- 'muster_h'
- 'unx-project_group'
- '%unx-project_group'
```