diff options
| author | Rob Crittenden <rcritten@redhat.com> | 2010-09-20 13:09:02 -0400 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2010-09-23 11:59:14 -0400 |
| commit | 9fd7fedb766c5da128728b036ebd02157086b6e8 (patch) | |
| tree | a65f5b8e01f19807e71f0e58be2d9a558adb82ba /ipalib/plugins/hbac.py | |
| parent | 77385c7e9e0fba83bdee74c36f2d921dd4fb57de (diff) | |
| download | freeipa-9fd7fedb766c5da128728b036ebd02157086b6e8.tar.gz freeipa-9fd7fedb766c5da128728b036ebd02157086b6e8.tar.xz freeipa-9fd7fedb766c5da128728b036ebd02157086b6e8.zip | |
Add an example for creating an HBAC service and service group.
Try to tie in the hbacsvc and hbacsvcgroup plugins better through an
example.
ticket 159
Diffstat (limited to 'ipalib/plugins/hbac.py')
| -rw-r--r-- | ipalib/plugins/hbac.py | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/ipalib/plugins/hbac.py b/ipalib/plugins/hbac.py index 4d7681c4..94fa7622 100644 --- a/ipalib/plugins/hbac.py +++ b/ipalib/plugins/hbac.py @@ -59,6 +59,15 @@ EXAMPLES: ipa hbac-add-user --users=john john_sshd ipa hbac-add-service --hbacsvcs=sshd john_sshd + Create a rule for a new service group. This lets the user john access + the any FTP service on any machine from any machine: + ipa hbacsvcgroup-add ftpers + ipa hbacsvc-add sftp + ipa hbacsvcgroup-add-member --hbacsvcs=ftp,sftp ftpers + ipa hbac-add --type=allow --hostcat=all --srchostcat=all john_ftp + ipa hbac-add-user --users=john john_ftp + ipa hbac-add-service --hbacsvcgroups=ftpers john_ftp + Disable a named HBAC rule: ipa hbac-disable test1 |