summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRob Crittenden <rcritten@redhat.com>2010-09-20 13:09:02 -0400
committerRob Crittenden <rcritten@redhat.com>2010-09-23 11:59:14 -0400
commit9fd7fedb766c5da128728b036ebd02157086b6e8 (patch)
treea65f5b8e01f19807e71f0e58be2d9a558adb82ba
parent77385c7e9e0fba83bdee74c36f2d921dd4fb57de (diff)
downloadfreeipa-9fd7fedb766c5da128728b036ebd02157086b6e8.tar.gz
freeipa-9fd7fedb766c5da128728b036ebd02157086b6e8.tar.xz
freeipa-9fd7fedb766c5da128728b036ebd02157086b6e8.zip
Add an example for creating an HBAC service and service group.
Try to tie in the hbacsvc and hbacsvcgroup plugins better through an example. ticket 159
-rw-r--r--ipalib/plugins/hbac.py9
1 files changed, 9 insertions, 0 deletions
diff --git a/ipalib/plugins/hbac.py b/ipalib/plugins/hbac.py
index 4d7681c48..94fa76227 100644
--- a/ipalib/plugins/hbac.py
+++ b/ipalib/plugins/hbac.py
@@ -59,6 +59,15 @@ EXAMPLES:
ipa hbac-add-user --users=john john_sshd
ipa hbac-add-service --hbacsvcs=sshd john_sshd
+ Create a rule for a new service group. This lets the user john access
+ the any FTP service on any machine from any machine:
+ ipa hbacsvcgroup-add ftpers
+ ipa hbacsvc-add sftp
+ ipa hbacsvcgroup-add-member --hbacsvcs=ftp,sftp ftpers
+ ipa hbac-add --type=allow --hostcat=all --srchostcat=all john_ftp
+ ipa hbac-add-user --users=john john_ftp
+ ipa hbac-add-service --hbacsvcgroups=ftpers john_ftp
+
Disable a named HBAC rule:
ipa hbac-disable test1