From d03255571c9d4c81d92c692fd0b6db6539856cf8 Mon Sep 17 00:00:00 2001 From: Ana Krivokapic Date: Wed, 10 Apr 2013 15:45:01 +0200 Subject: Remove any reference to HBAC source hosts from help https://fedorahosted.org/freeipa/ticket/3528 --- ipalib/plugins/hbacrule.py | 16 ++++++++-------- ipalib/plugins/hbactest.py | 6 ++---- 2 files changed, 10 insertions(+), 12 deletions(-) diff --git a/ipalib/plugins/hbacrule.py b/ipalib/plugins/hbacrule.py index c36a78816..41aaf97ee 100644 --- a/ipalib/plugins/hbacrule.py +++ b/ipalib/plugins/hbacrule.py @@ -25,15 +25,15 @@ from ipalib import _, ngettext __doc__ = _(""" Host-based access control -Control who can access what services on what hosts and from where. You -can use HBAC to control which users or groups on a source host can +Control who can access what services on what hosts. You +can use HBAC to control which users or groups can access a service, or group of services, on a target host. -You can also specify a category of users, target hosts, and source -hosts. This is currently limited to "all", but might be expanded in the +You can also specify a category of users and target hosts. +This is currently limited to "all", but might be expanded in the future. -Target hosts and source hosts in HBAC rules must be hosts managed by IPA. +Target hosts in HBAC rules must be hosts managed by IPA. The available services and groups of services are controlled by the hbacsvc and hbacsvcgroup plug-ins respectively. @@ -42,7 +42,7 @@ EXAMPLES: Create a rule, "test1", that grants all users access to the host "server" from anywhere: - ipa hbacrule-add --usercat=all --srchostcat=all test1 + ipa hbacrule-add --usercat=all test1 ipa hbacrule-add-host --hosts=server.example.com test1 Display the properties of a named HBAC rule: @@ -50,7 +50,7 @@ EXAMPLES: Create a rule for a specific service. This lets the user john access the sshd service on any machine from any machine: - ipa hbacrule-add --hostcat=all --srchostcat=all john_sshd + ipa hbacrule-add --hostcat=all john_sshd ipa hbacrule-add-user --users=john john_sshd ipa hbacrule-add-service --hbacsvcs=sshd john_sshd @@ -59,7 +59,7 @@ EXAMPLES: ipa hbacsvcgroup-add ftpers ipa hbacsvc-add sftp ipa hbacsvcgroup-add-member --hbacsvcs=ftp --hbacsvcs=sftp ftpers - ipa hbacrule-add --hostcat=all --srchostcat=all john_ftp + ipa hbacrule-add --hostcat=all john_ftp ipa hbacrule-add-user --users=john john_ftp ipa hbacrule-add-service --hbacsvcgroups=ftpers john_ftp diff --git a/ipalib/plugins/hbactest.py b/ipalib/plugins/hbactest.py index 55c8aab8c..25c64ea4d 100644 --- a/ipalib/plugins/hbactest.py +++ b/ipalib/plugins/hbactest.py @@ -35,7 +35,7 @@ import pyhbac __doc__ = _(""" Simulate use of Host-based access controls -HBAC rules control who can access what services on what hosts and from where. +HBAC rules control who can access what services on what hosts. You can use HBAC to control which users or groups can access a service, or group of services, on a target host. @@ -48,7 +48,7 @@ having access to the production environment. ipa hbactest --user= --host= --service= [--rules=rules-list] [--nodetail] [--enabled] [--disabled] - [--srchost= ] [--sizelimit= ] + [--sizelimit= ] --user, --host, and --service are mandatory, others are optional. @@ -68,8 +68,6 @@ having access to the production environment. By default there is a IPA-wide limit to number of entries fetched, you can change it with --sizelimit option. - If --srchost is specified, it will be ignored. It is left because of compatibility reasons only. - EXAMPLES: 1. Use all enabled HBAC rules in IPA database to simulate: -- cgit