authorRob Crittenden <rcritten@redhat.com>2010-05-04 15:24:54 -0400
committerRob Crittenden <rcritten@redhat.com>2010-05-05 14:57:58 -0400
commit92e350ca0a1fda0dc9fe6e073dd7afe19a62d9ec (patch)
tree84bb163a6a1dde36f43900f5805ffb87e518dc3c /install/tools/ipa-server-install
parenta3d1b1755965c73a758acb1ec4992bf2428fa37b (diff)
Create default HBAC rule allowing any user to access any host from any host
This is to make initial installation and testing easier. Use the --no_hbac_allow option on the command-line to disable this when doing an install. To remove it from a running server do: ipa hbac-del allow_all
Diffstat (limited to 'install/tools/ipa-server-install')
-rwxr-xr-xinstall/tools/ipa-server-install7
1 files changed, 5 insertions, 2 deletions
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 4fd520a6e..c7fe6608e 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -122,6 +122,9 @@ def parse_options():
help="The starting gid value (default random)")
parser.add_option("--subject", dest="subject", default="O=IPA",
help="The certificate subject base (default O=IPA)")
+ parser.add_option("--no_hbac_allow", dest="hbac_allow", default=False,
+ action="store_true",
+ help="Don't install allow_all HBAC rule")
options, args = parser.parse_args()
if not options.setup_dns:
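Review bot: The new option stores True in `options.hbac_allow` when the administrator asks for the rule NOT to be installed, so the attribute name says the opposite of its value and both `create_instance` calls in main() have to pass `hbac_allow=not options.hbac_allow`. Declaring it as `dest="hbac_allow", default=True, action="store_false"` would let the callers pass `hbac_allow=options.hbac_allow`; a negation dropped in a later edit would otherwise install the allow-all rule on servers that opted out. The help text should also state the default, for example `help="Don't install the allow_all HBAC rule (installed by default; lets any user access any host)"`. parse_options() starts and ends outside the hunk.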
@@ -722,11 +725,11 @@ def main():
if options.dirsrv_pkcs12:
pkcs12_info = (options.dirsrv_pkcs12, pw_name)
try:
- ds.create_instance(ds_user, realm_name, host_name, domain_name, dm_password, pkcs12_info, subject_base=options.subject)
+ ds.create_instance(ds_user, realm_name, host_name, domain_name, dm_password, pkcs12_info, subject_base=options.subject, hbac_allow=not options.hbac_allow)
finally:
os.remove(pw_name)
else:
- ds.create_instance(ds_user, realm_name, host_name, domain_name, dm_password, self_signed_ca=options.selfsign, uidstart=options.uidstart, gidstart=options.gidstart, subject_base=options.subject)
+ ds.create_instance(ds_user, realm_name, host_name, domain_name, dm_password, self_signed_ca=options.selfsign, uidstart=options.uidstart, gidstart=options.gidstart, subject_base=options.subject, hbac_allow=not options.hbac_allow)
# Create a kerberos instance
krb = krbinstance.KrbInstance(fstore)
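Review bot: Nothing visible around the two `create_instance` calls tells the operator that a permissive `allow_all` HBAC rule was created, so a default install ends with host-based access control effectively open and no record of it in the installer output. `create_instance` may log this itself, which cannot be seen from here. If it does not, emit a notice when the rule is installed, with text along the lines of `"allow_all HBAC rule installed; remove it with 'ipa hbac-del allow_all' before production use"`, so the removal step from the commit description reaches the person running the install. main() starts and ends outside the hunk.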