[Freeipa-users] HBAC - Limit SSH access to "test" systems
Jan Pazdziora
jpazdziora at redhat.com
Mon Nov 30 10:52:57 UTC 2015
On Mon, Nov 30, 2015 at 11:18:15AM +0100, Alexander Skwar wrote:
>
> Hm, okay. But when I deactivate the "allow_all" rule, doesn't that also
> change the "default" behaviour? I mean, by default, everything will
> be allowed for everyone on every system.
No.
> When I deactivate the allow_all - won't that mean, that nothing will
> be allowed for everyone on all systems?
That's right, nothing will be allowed.
Disabling allow_all has the potential of making everything stop
working. You need to plan carefully and replace the allow_all with
tailored rules. For example, see
http://www.freeipa.org/page/Howto/HBAC_and_allow_all
--
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat
More information about the Freeipa-users
mailing list