Diffstat (limited to 'install/tools')
-rwxr-xr-xinstall/tools/ipa-server-install7
-rw-r--r--install/tools/man/ipa-server-install.13
2 files changed, 8 insertions, 2 deletions
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 4fd520a6e..c7fe6608e 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -122,6 +122,9 @@ def parse_options():
help="The starting gid value (default random)")
parser.add_option("--subject", dest="subject", default="O=IPA",
help="The certificate subject base (default O=IPA)")
+ parser.add_option("--no_hbac_allow", dest="hbac_allow", default=False,
+ action="store_true",
+ help="Don't install allow_all HBAC rule")
options, args = parser.parse_args()
if not options.setup_dns:
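Review bot: The new `--no_hbac_allow` option is stored inverted: with `dest="hbac_allow"` and `action="store_true"`, `options.hbac_allow` is True exactly when the administrator asked for the allow_all rule not to be installed. Both `ds.create_instance` calls in the `main()` hunk therefore have to pass `hbac_allow=not options.hbac_allow` to undo the inversion. A later caller that passes `options.hbac_allow` straight through would install the permissive rule on exactly the servers that opted out of it. Declaring the option as `dest="hbac_allow", default=True, action="store_false"` keeps the flag name and lets the calls read `hbac_allow=options.hbac_allow`. `parse_options()` begins before this hunk and continues past it.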
@@ -722,11 +725,11 @@ def main():
if options.dirsrv_pkcs12:
pkcs12_info = (options.dirsrv_pkcs12, pw_name)
try:
- ds.create_instance(ds_user, realm_name, host_name, domain_name, dm_password, pkcs12_info, subject_base=options.subject)
+ ds.create_instance(ds_user, realm_name, host_name, domain_name, dm_password, pkcs12_info, subject_base=options.subject, hbac_allow=not options.hbac_allow)
finally:
os.remove(pw_name)
else:
- ds.create_instance(ds_user, realm_name, host_name, domain_name, dm_password, self_signed_ca=options.selfsign, uidstart=options.uidstart, gidstart=options.gidstart, subject_base=options.subject)
+ ds.create_instance(ds_user, realm_name, host_name, domain_name, dm_password, self_signed_ca=options.selfsign, uidstart=options.uidstart, gidstart=options.gidstart, subject_base=options.subject, hbac_allow=not options.hbac_allow)
# Create a kerberos instance
krb = krbinstance.KrbInstance(fstore)
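Review bot: Installing allow_all remains the default, and nothing visible in these two `ds.create_instance` calls tells the administrator that the rule now exists. The man page describes it as letting any user from any host access any service on any other host. Whether `create_instance` reports the rule itself cannot be seen from this hunk. If it does not, consider emitting one installer message after the directory instance is created whenever the rule was installed, along the lines of `allow_all HBAC rule installed; remove it before moving to production`, so that the permissive state is recorded in the install output. `main()` begins before this hunk and continues past it.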
diff --git a/install/tools/man/ipa-server-install.1 b/install/tools/man/ipa-server-install.1
index edd541633..a64a2eba1 100644
--- a/install/tools/man/ipa-server-install.1
+++ b/install/tools/man/ipa-server-install.1
@@ -101,6 +101,9 @@ The starting group id number (default random)
\fB\-\-subject\fR=\fISUBJECT\fR
The certificate subject base (default O=IPA)
.TP
+\fB\-\-no_hbac_allow\fR
+Don't install allow_all HBAC rule. This rule lets any user from any host access any service on any other host. It is expected that users will remove this rule before moving to production.
+.TP
.SH "EXIT STATUS"
0 if the installation was successful