[Freeipa-users] Starting with host based access control and your existing users and hosts
Jan Pazdziora
jpazdziora at redhat.com
Tue Nov 12 01:49:06 UTC 2013
In FreeIPA installations that already have some users and hosts in
them, the setup might be using host based access control (HBAC)
without admins realizing it because by default there is a catchall
allow_all rule there. When you then want to start tweaking the setup,
the allow_all rule needs to be disabled or it would still allow all
accesses. That might break existing users.
Check
http://www.freeipa.org/page/Howto/HBAC_and_allow_all
about possible solution to that problem.
--
Jan Pazdziora
Principal Software Engineer, Identity Management Engineering, Red Hat
More information about the Freeipa-users
mailing list