From 92e350ca0a1fda0dc9fe6e073dd7afe19a62d9ec Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Tue, 4 May 2010 15:24:54 -0400 Subject: Create default HBAC rule allowing any user to access any host from any host This is to make initial installation and testing easier. Use the --no_hbac_allow option on the command-line to disable this when doing an install. To remove it from a running server do: ipa hbac-del allow_all --- install/tools/man/ipa-server-install.1 | 3 +++ 1 file changed, 3 insertions(+) (limited to 'install/tools/man/ipa-server-install.1') diff --git a/install/tools/man/ipa-server-install.1 b/install/tools/man/ipa-server-install.1 index edd541633..a64a2eba1 100644 --- a/install/tools/man/ipa-server-install.1 +++ b/install/tools/man/ipa-server-install.1 @@ -101,6 +101,9 @@ The starting group id number (default random) \fB\-\-subject\fR=\fISUBJECT\fR The certificate subject base (default O=IPA) .TP +\fB\-\-no_hbac_allow\fR +Don't install allow_all HBAC rule. This rule lets any user from any host access any service on any other host. It is expected that users will remove this rule before moving to production. +.TP .SH "EXIT STATUS" 0 if the installation was successful -- cgit