Description
While setting up AD integration, it would be ideal to support a declarative list of users/groups that are permitted to log in to the system.
Some example commands are:
realm permit foo@bar.com BAR.COM\foo    # Add domain users to the permit list
realm permit -g Administrators Developers@bar.com    # Add domain groups to the permit list
realm permit -x foo@bar.com    # Withdraw user from permit list
realm permit -x -g Administrators    # Withdraw group from permit list
realm deny --all    # Deny all logins from the domain, only supported command for deny, realm: Specifying deny without --all is deprecated. Use realm permit --withdraw
I think it would also be beneficial to have an option similar to exclusive from the ansible.posix.authorized_key module, so that a declarative list of allowed logins can be held in Ansible.
There are only 3 states for permitted login:
- Allow all
- Allow specified
- Deny all
So this will require a check to ensure deny is not set along with permit.
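
One way the requested check and the exclusive behaviour could be planned, as an added example that is not part of the original issue or the project's code. The function name, the state names and the idea that the currently permitted users and groups are passed in by the caller are all assumptions; names are compared as exact strings.

```python
# Added illustration (hypothetical names): turn a declarative login policy
# into the realm command lines needed to reach it.
VALID_STATES = ("allow_all", "allow_specified", "deny_all")


def plan_realm_commands(state, users=(), groups=(),
                        current_users=(), current_groups=(), exclusive=False):
    """Return a list of argv lists; raise ValueError on a contradictory policy."""
    if state not in VALID_STATES:
        raise ValueError(f"state must be one of {VALID_STATES}")

    if state != "allow_specified":
        # The check asked for in the issue: deny (or allow-all) must not be
        # set together with a permit list.
        if users or groups:
            raise ValueError(f"{state} cannot be combined with a permit list")
        verb = "permit" if state == "allow_all" else "deny"
        return [["realm", verb, "--all"]]

    if not users and not groups:
        raise ValueError("allow_specified needs at least one user or group")

    cmds = []
    # Additions are planned before withdrawals so the permit list is never
    # emptied part-way through the run.
    add_users = sorted(set(users) - set(current_users))
    add_groups = sorted(set(groups) - set(current_groups))
    if add_users:
        cmds.append(["realm", "permit", *add_users])
    if add_groups:
        cmds.append(["realm", "permit", "-g", *add_groups])

    if exclusive:
        # Exclusive mode: anything currently permitted but not declared
        # is withdrawn, so the declared list is the whole list.
        drop_users = sorted(set(current_users) - set(users))
        drop_groups = sorted(set(current_groups) - set(groups))
        if drop_users:
            cmds.append(["realm", "permit", "-x", *drop_users])
        if drop_groups:
            cmds.append(["realm", "permit", "-x", "-g", *drop_groups])
    return cmds
```

Without exclusive, entries permitted outside the declared list are left in place, which is the gap the exclusive option is meant to close.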