authorRob Crittenden <rcritten@redhat.com>2010-05-04 15:24:54 -0400
committerRob Crittenden <rcritten@redhat.com>2010-05-05 14:57:58 -0400
commit92e350ca0a1fda0dc9fe6e073dd7afe19a62d9ec (patch)
tree84bb163a6a1dde36f43900f5805ffb87e518dc3c /install/share
parenta3d1b1755965c73a758acb1ec4992bf2428fa37b (diff)
Create default HBAC rule allowing any user to access any host from any host
This is to make initial installation and testing easier. Use the --no_hbac_allow option on the command-line to disable this when doing an install. To remove it from a running server do: ipa hbac-del allow_all
Diffstat (limited to 'install/share')
-rw-r--r--install/share/Makefile.am1
-rw-r--r--install/share/default-hbac.ldif14
2 files changed, 15 insertions, 0 deletions
diff --git a/install/share/Makefile.am b/install/share/Makefile.am
index 92d50775f..5f3536835 100644
--- a/install/share/Makefile.am
+++ b/install/share/Makefile.am
@@ -13,6 +13,7 @@ app_DATA = \
bootstrap-template.ldif \
caJarSigningCert.cfg.template \
default-aci.ldif \
+ default-hbac.ldif \
default-keytypes.ldif \
delegation.ldif \
dns.ldif \
diff --git a/install/share/default-hbac.ldif b/install/share/default-hbac.ldif
new file mode 100644
index 000000000..541ff0df3
--- /dev/null
+++ b/install/share/default-hbac.ldif
@@ -0,0 +1,14 @@
+# default HBAC policy that grants permission to all services
+dn: ipauniqueid=$UUID,cn=hbac,$SUFFIX
+changetype: add
+objectclass: ipaassociation
+objectclass: ipahbacrule
+cn: allow_all
+accessruletype: allow
+usercategory: all
+hostcategory: all
+sourcehostcategory: all
+ipaenabledflag: TRUE
+description: Allow all users to access any host from any host
+# ipauniqueid gets added for us by 389-ds
+
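Review bot: The header comment in default-hbac.ldif says the rule "grants permission to all services", but the entry only sets `usercategory`, `hostcategory` and `sourcehostcategory` to `all` and carries no service-related attribute, so the comment does not match what the rule states. How a rule with no service restriction is evaluated is not visible in this change and is worth confirming against the HBAC evaluator. Because this entry leaves host-based access control effectively open until it is removed, the comment should say so and name the opt-out, e.g. `# default HBAC rule: allows every user to reach every host from every host; install with --no_hbac_allow or run "ipa hbac-del allow_all" to remove it`. The trailing comment `# ipauniqueid gets added for us by 389-ds` also reads oddly beside a DN that already uses `ipauniqueid=$UUID`; presumably it explains why there is no separate `ipauniqueid:` attribute line, and saying that would help.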