summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJan Cholasta <jcholast@redhat.com>2014-02-06 12:33:43 +0100
committerMartin Kosek <mkosek@redhat.com>2014-02-06 16:46:24 +0100
commit4e207b4c889a79b3465aa670b3f2229e76e8abe9 (patch)
treecae928c78890536a4aab983a1178564caa285b7e
parent03ba31b8ca632f1ce6e9d67e0c37ca5e7bcc8a8c (diff)
downloadfreeipa-4e207b4c889a79b3465aa670b3f2229e76e8abe9.zip
freeipa-4e207b4c889a79b3465aa670b3f2229e76e8abe9.tar.gz
freeipa-4e207b4c889a79b3465aa670b3f2229e76e8abe9.tar.xz
Remove sourcehostcategory from the default HBAC rule.
https://fedorahosted.org/freeipa/ticket/4158 Reviewed-By: Martin Kosek <mkosek@redhat.com>
-rw-r--r--install/share/default-hbac.ldif1
-rw-r--r--ipalib/plugins/hbacrule.py2
2 files changed, 1 insertions, 2 deletions
diff --git a/install/share/default-hbac.ldif b/install/share/default-hbac.ldif
index b7b6ba2..52fd30e 100644
--- a/install/share/default-hbac.ldif
+++ b/install/share/default-hbac.ldif
@@ -7,7 +7,6 @@ cn: allow_all
accessruletype: allow
usercategory: all
hostcategory: all
-sourcehostcategory: all
servicecategory: all
ipaenabledflag: TRUE
description: Allow all users to access any host from any host
diff --git a/ipalib/plugins/hbacrule.py b/ipalib/plugins/hbacrule.py
index 0f0fef0..99758b2 100644
--- a/ipalib/plugins/hbacrule.py
+++ b/ipalib/plugins/hbacrule.py
@@ -118,7 +118,7 @@ class hbacrule(LDAPObject):
default_attributes = [
'cn', 'ipaenabledflag',
'description', 'usercategory', 'hostcategory',
- 'sourcehostcategory', 'servicecategory', 'ipaenabledflag',
+ 'servicecategory', 'ipaenabledflag',
'memberuser', 'sourcehost', 'memberhost', 'memberservice',
'memberhostgroup', 'externalhost',
]