# Default HBAC (host-based access control) data: one allow-all rule followed by
# the HBAC service entries sshd, ftp, sudo, su and login.
# $UUID and $SUFFIX look like template variables that are substituted before
# this LDIF is applied - TODO confirm against the tool that consumes this file.
# NOTE(review): LDIF separates records with a blank line, and none appear
# between the entries in this listing - confirm against the original file
# before applying it.
#
# default HBAC policy that grants permission to all services
# Security note: usercategory, hostcategory, sourcehostcategory and
# servicecategory are all set to "all" and ipaenabledflag is TRUE, so this rule
# places no HBAC restriction on any user, host or service. Deployments that
# rely on HBAC for least privilege should create narrower rules first and then
# disable this one (e.g. `ipa hbacrule-disable allow_all`).
dn: ipauniqueid=$UUID,cn=hbac,$SUFFIX
changetype: add
objectclass: ipaassociation
objectclass: ipahbacrule
cn: allow_all
accessruletype: allow
usercategory: all
hostcategory: all
sourcehostcategory: all
servicecategory: all
ipaenabledflag: TRUE
# The description text below does not mention it, but servicecategory: all
# above also makes the rule match every service.
description: Allow all users to access any host from any host
# The service entries below carry no ipauniqueid in their DN;
# ipauniqueid gets added for us by 389-ds
# Each entry only defines a named HBAC service (objectclass ipahbacservice with
# a cn and a description); none of them carries a rule attribute of its own.
dn: cn=sshd,cn=hbacservices,cn=accounts,$SUFFIX
changetype: add
objectclass: ipahbacservice
cn: sshd
description: sshd
dn: cn=ftp,cn=hbacservices,cn=accounts,$SUFFIX
changetype: add
objectclass: ipahbacservice
cn: ftp
description: ftp
dn: cn=sudo,cn=hbacservices,cn=accounts,$SUFFIX
changetype: add
objectclass: ipahbacservice
cn: sudo
description: sudo
dn: cn=su,cn=hbacservices,cn=accounts,$SUFFIX
changetype: add
objectclass: ipahbacservice
cn: su
description: su
dn: cn=login,cn=hbacservices,cn=accounts,$SUFFIX
changetype: add
objectclass: ipahbacservice
cn: login
description: login