<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Logins using Domain Accounts: realmd</title>
<meta name="generator" content="DocBook XSL Stylesheets Vsnapshot">
<link rel="home" href="index.html" title="realmd">
<link rel="up" href="guide-ipa.html" title="Using with IPA">
<link rel="prev" href="guide-ipa-join.html" title="Joining a IPA domain">
<link rel="next" href="guide-kerberos.html" title="Using with other Kerberos realms">
<link rel="stylesheet" href="style.css" type="text/css">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<table class="navigation" id="top" width="100%" summary="Navigation header" cellpadding="2" cellspacing="5"><tr valign="middle">
<td width="100%" align="left" class="shortcuts"></td>
<td><a accesskey="h" href="index.html"><img src="home.png" width="16" height="16" border="0" alt="Home"></a></td>
<td><a accesskey="u" href="guide-ipa.html"><img src="up.png" width="16" height="16" border="0" alt="Up"></a></td>
<td><a accesskey="p" href="guide-ipa-join.html"><img src="left.png" width="16" height="16" border="0" alt="Prev"></a></td>
<td><a accesskey="n" href="guide-kerberos.html"><img src="right.png" width="16" height="16" border="0" alt="Next"></a></td>
</tr></table>
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="guide-ipa-permit"></a>Logins using Domain Accounts</h2></div></div></div>
<p>Once the
<a class="link" href="guide-ipa-join.html" title="Joining a IPA domain">computer is joined</a>
to a IPA domain, the machine will automatically follow the
domain settings for whether users are able to log into the
machine or not.</p>
<p>To override this behavior and permit any domain account
to log in, use the following command.</p>
<div class="informalexample"><pre class="screen">
$ <span class="command"><strong>realm permit --realm domain.example.com --all</strong></span>
</pre></div>
<p>To permit only specific accounts from the domain to log in
use the following command. The first time this command is run
it will change the mode to only allow logins by specific accounts,
and then add the specified accounts to the list of accounts
to permit.</p>
<div class="informalexample"><pre class="screen">
$ <span class="command"><strong>realm permit --realm domain.example.com user1@ipa.example.com user2@ipa.example.com</strong></span>
</pre></div>
<p>To deny logins from any domain account, use the following
command.</p>
<div class="informalexample"><pre class="screen">
$ <span class="command"><strong>realm deny --realm domain.example.com --all</strong></span>
</pre></div>
</div>
<div class="footer">
<hr>Generated by GTK-Doc</div>
</body>
</html>