[Freeipa-users] HBAC - expected behaviour?
Jan Pazdziora
jpazdziora at redhat.com
Wed Feb 19 14:24:44 UTC 2014
On Tue, Feb 04, 2014 at 04:11:12AM +0000, Les Stott wrote:
>
> If I access the host "host1" and remove allow_all from its defined HBAC rules in the web ui, jane can still access host1 via ssh (actually tested login).
I can see you've found the solution already but I'd like to go back to
this part.
You say that you have removed allow_all from its defined HBAC ruls
in the WebUI. However, when I try this on my FreeIPA server, I don't
see allow_all listed for any of my hosts (neither in the Direct nor
Indirect Membership listing).
Is it possible that you've added that host to allow_all on top of its
"Any Host" (aka Host category: all) manually and then removed it?
--
Jan Pazdziora | adelton at #ipa*, #brno
Principal Software Engineer, Identity Management Engineering, Red Hat
More information about the Freeipa-users
mailing list