[Freeipa-users] Inconsistant results with HBAC and SSH?

[Simpson Lachlan]

> With the “allow all” HBAC rule enabled, we have no trouble logging in to any
> machine via ssh. When we disable the “allow all” rule and make specific per-
> machine rules (as per the idea of ‘host based’ in HBAC), we get unpredictable
> results, primarily resulting in an inability to login via ssh. This result is intermittent
> – sometimes we can login, but sometimes we can’t.

One noted way to "break" the HBAC is a long period of inactivity in that shell.

Cheers
L.
This email (including any attachments or links) may contain 
confidential and/or legally privileged information and is 
intended only to be read or used by the addressee.  If you 
are not the intended addressee, any use, distribution, 
disclosure or copying of this email is strictly 
prohibited.  
Confidentiality and legal privilege attached to this email 
(including any attachments) are not waived or lost by 
reason of its mistaken delivery to you.
If you have received this email in error, please delete it 
and notify us immediately by telephone or email.  Peter 
MacCallum Cancer Centre provides no guarantee that this 
transmission is free of virus or that it has not been 
intercepted or altered and will not be liable for any delay 
in its receipt.