forked from Controls/gitea-pages
create access subdirectory
This commit is contained in:
@@ -0,0 +1,6 @@
|
||||
# Allowing/Limiting Access
|
||||
|
||||
These guides show how to allow user into the system or to allow them to become administrator.
|
||||
|
||||
```{tableofcontents}
|
||||
|
||||
@@ -0,0 +1,15 @@
|
||||
# Bastions
|
||||
This parameter determines whether root logins are only possible from the hosts listed in bastions. Normally the value is taken from the network property of the same name, but this parameter allows overriding the network setting through Hiera.
|
||||
|
||||
### Use bastions
|
||||
Boolean value
|
||||
```
|
||||
aaa::user_bastions: true
|
||||
```
|
||||
|
||||
### Bastion host definitions
|
||||
A list of FQDNs. If use_bastions is true, then root logins are only allowed from the hosts on this list. Note: If the list is empty, login is unrestricted again!
|
||||
```
|
||||
- 'wmgt01.psi.ch'
|
||||
- 'wmgt02.psi.ch'
|
||||
```
|
||||
@@ -0,0 +1,19 @@
|
||||
# User and admin access
|
||||
A list of users and or groups that can access the system. Members of the groups `aaa:admins:` don't need to be members of `aaa::users:` to access a system.
|
||||
|
||||
### Regular access
|
||||
Access for ActiveDirectory (AD) user accounts or groups that are non Experiment accounts. (See e account section for that)
|
||||
```
|
||||
aaa::users:
|
||||
- 'muster_h'
|
||||
- '%unx-project_group'
|
||||
```
|
||||
|
||||
### Sudo access
|
||||
To give root access for AD user accounts or groups via sudo.
|
||||
```
|
||||
aaa::admins:
|
||||
- 'muster_h'
|
||||
- '%unx-project_group'
|
||||
```
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
# SSH Configuration Guides
|
||||
|
||||
```{tableofcontents}
|
||||
|
||||
Reference in New Issue
Block a user