[Freeipa-users] HBAC rules take in effect on IPA clients immediately after installation?
Gelen James
hahaha_30k at yahoo.com
Fri May 18 21:27:15 UTC 2012
Hi all,
Just like to clarify my confusion: Are the HBAC (Host Based Access Control) rules immediately in effect after IPA client software configurations through sssd? Do we have any options inside sssd.conf to enable/disable the HBAC rules per machine (inside IPA domain)? I have this question because some important servers needs to be available all the time, even badly written HBAC rules could block access to all other servers.
Another very close question is: what are the scenarios to use '--permit' option to 'ipa-client-install'? the manual says 'Configure SSSD to permit all access. Otherwise the machine will be controlled by the Host-based Access Controls (HBAC) on the IPA server.'. So is this the solution to the above problem?
Thanks a lot.
--Gelen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120518/baadc983/attachment.htm>
More information about the Freeipa-users
mailing list