Limiting logins under SSSD

Under SSSD, you can pretty easily limit logins to specific users or groups. The syntax is different from that of /etc/security/access.conf, and is actually easier. Red Hat has some documentation (may require login). There is also a man page for sssd.conf(5).

Under the your domain, add some lines to configure "simple" access control:

[domain/default]  

access_provider = simple 

simple_allow_users = topbanana 

simple_allow_groups = bunchofbananas,wheel