From 6dff95bdfe437afc0b62b5270d0d84140981c786 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Mon, 16 Mar 2015 11:48:39 +0100 Subject: IPA: Remove the ipa_hbac_treat_deny_as option MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit https://fedorahosted.org/sssd/ticket/2603 Since deny rules are no longer supported on the server, the client should no longer support them either. Remove the option. Reviewed-by: Pavel Březina --- src/man/sssd-ipa.5.xml | 28 ---------------------------- 1 file changed, 28 deletions(-) (limited to 'src/man/sssd-ipa.5.xml') diff --git a/src/man/sssd-ipa.5.xml b/src/man/sssd-ipa.5.xml index 77cb9aac5..0716b6235 100644 --- a/src/man/sssd-ipa.5.xml +++ b/src/man/sssd-ipa.5.xml @@ -499,34 +499,6 @@ - - ipa_hbac_treat_deny_as (string) - - - This option specifies how to treat the deprecated - DENY-type HBAC rules. As of FreeIPA v2.1, DENY - rules are no longer supported on the server. All - users of FreeIPA will need to migrate their rules - to use only the ALLOW rules. The client will - support two modes of operation during this - transition period: - - - DENY_ALL: If any HBAC DENY - rules are detected, all users will be denied - access. - - - IGNORE: SSSD will ignore any - DENY rules. Be very careful with this option, as - it may result in opening unintended access. - - - Default: DENY_ALL - - - - ipa_server_mode (boolean) -- cgit