From 92e350ca0a1fda0dc9fe6e073dd7afe19a62d9ec Mon Sep 17 00:00:00 2001
From: Rob Crittenden
Date: Tue, 4 May 2010 15:24:54 -0400
Subject: Create default HBAC rule allowing any user to access any host from any host

This is to make initial installation and testing easier. Use the --no_hbac_allow option on the command-line to disable this when doing an install. To remove it from a running server do: ipa hbac-del allow_all
---
 install/share/Makefile.am | 1 +
 install/share/default-hbac.ldif | 14 ++++++++++++++
 2 files changed, 15 insertions(+)
 create mode 100644 install/share/default-hbac.ldif

(limited to 'install/share')

diff --git a/install/share/Makefile.am b/install/share/Makefile.am
index 92d50775f..5f3536835 100644
--- a/install/share/Makefile.am
+++ b/install/share/Makefile.am
@@ -13,6 +13,7 @@ app_DATA = \
 bootstrap-template.ldif \
 caJarSigningCert.cfg.template \
 default-aci.ldif \
+ default-hbac.ldif \
 default-keytypes.ldif \
 delegation.ldif \
 dns.ldif \
diff --git a/install/share/default-hbac.ldif b/install/share/default-hbac.ldif
new file mode 100644
index 000000000..541ff0df3
--- /dev/null
+++ b/install/share/default-hbac.ldif
@@ -0,0 +1,14 @@
+# default HBAC policy that grants permission to all services
+dn: ipauniqueid=$UUID,cn=hbac,$SUFFIX
+changetype: add
+objectclass: ipaassociation
+objectclass: ipahbacrule
+cn: allow_all
+accessruletype: allow
+usercategory: all
+hostcategory: all
+sourcehostcategory: all
+ipaenabledflag: TRUE
+description: Allow all users to access any host from any host
+# ipauniqueid gets added for us by 389-ds
+
-- cgit
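Review bot: The header comment of the new default-hbac.ldif does not tell an administrator reading the file that this entry is an installation-time convenience which leaves host-based access control fully open. With `usercategory`, `hostcategory` and `sourcehostcategory` all set to `all` and `ipaenabledflag: TRUE`, a narrower allow rule added later presumably restricts nothing until `allow_all` is removed (this assumes allow rules are additive, which the hunk does not show). I would replace the first comment with `# Permissive default for installation and testing: allows any user on any host from any host.` followed by `# Skip at install time with --no_hbac_allow, or remove later with: ipa hbac-del allow_all`, so the opt-out named in the commit message travels with the file. The current comment also says "all services" although no service attribute appears in the entry, so its wording should match the attributes actually set.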