------
"The antidote to apocalypticism is *apocalyptic civics*. Apocalyptic civics
is the insistence that we cannot ignore the truth, nor should we panic
about it. It is a shared consciousness that our institutions have failed
and our ecosystem is collapsing, yet we are still here — and we are
creative agents who can shape our destinies. Apocalyptic civics is the
conviction that the only way out is through, and the only way through is
together. "

*Greg Bloom* @greggish
https://twitter.com/greggish/status/873177525903609857

On 8 December 2017 at 00:20, Rob Crittenden <rcrit...@redhat.com> wrote:

> Lachlan Musicman via FreeIPA-users wrote:
> > Stupid question, but to stop anyone from logging in anywhere - for
> > instance during a maintenance period - is there an easy maintenance mode
> > in IPA?
> >
> > Or is the best method to disable all HBAC rules?
>
> I guess it depends on what maintenance you're talking about, and where.
>
> If it's general maintenance in your infrastructure then yeah, HBAC rules
> seems a good place to start. I guess just leave one rule active, the
> rule that lets the administrators log in.
>
> There is no knob in IPA to do this.
>

Because we still have root access we decided on:

# Disable every HBAC rule:
while read -r line ; do ipa hbacrule-disable "$line"; done < <( ipa hbacrule-find --pkey-only | grep : | cut -d: -f2-)
# Disable every HBAC rule whose name does not contain allow_all:
while read -r line ; do ipa hbacrule-disable "$line"; done < <( ipa hbacrule-find --pkey-only | grep : | grep -v allow_all | cut -d: -f2-)

Which is sort of hacky, but sufficient.

Cheers
L.
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
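
The loops in the message above keep no record of which rules were enabled beforehand, so ending the maintenance window by enabling everything would also switch on rules that had been disabled on purpose. The following is an added example, not code from the thread or from the FreeIPA project: it saves the enabled set, keeps one administrator rule active as the quoted reply suggests, and restores only what it disabled. The rule name `allow_admins`, the state-file path and the `Rule name:` / `Enabled:` layout of the `ipa hbacrule-find` output are assumptions.

```sh
#!/bin/sh
# Added example. Assumes `ipa hbacrule-find` prints, for each rule, a
# "Rule name: <name>" line followed by an "Enabled: TRUE|FALSE" line.
STATE_FILE="${STATE_FILE:-/root/hbac-maintenance.state}"  # hypothetical path
KEEP_RULE="${KEEP_RULE:-allow_admins}"                    # hypothetical rule name

# Print the names of the currently enabled HBAC rules, one per line.
enabled_rules() {
    ipa hbacrule-find --sizelimit=0 | awk '
        /^ *Rule name: / { sub(/^ *Rule name: /, ""); name = $0; next }
        /^ *Enabled: /   { if (toupper($2) == "TRUE" && name != "") print name
                           name = "" }'
}

# Save the enabled set, then disable everything in it except KEEP_RULE.
enter_maintenance() {
    if [ -s "$STATE_FILE" ]; then
        echo "state file $STATE_FILE exists; already in maintenance?" >&2
        return 1
    fi
    enabled_rules > "$STATE_FILE" || return 1
    # Refuse to continue if the rule that lets administrators in is not active.
    if ! grep -qxF -- "$KEEP_RULE" "$STATE_FILE"; then
        echo "rule '$KEEP_RULE' is not enabled; refusing to lock everyone out" >&2
        rm -f "$STATE_FILE"
        return 1
    fi
    while IFS= read -r rule; do
        [ "$rule" = "$KEEP_RULE" ] || ipa hbacrule-disable "$rule" </dev/null
    done < "$STATE_FILE"
}

# Re-enable only the rules that enter_maintenance disabled.
leave_maintenance() {
    [ -s "$STATE_FILE" ] || { echo "no saved state in $STATE_FILE" >&2; return 1; }
    while IFS= read -r rule; do
        [ "$rule" = "$KEEP_RULE" ] || ipa hbacrule-enable "$rule" </dev/null
    done < "$STATE_FILE"
    rm -f "$STATE_FILE"
}

# Usage: script enter | script leave   (no argument: only define the functions)
case "${1:-}" in
    enter) enter_maintenance ;;
    leave) leave_maintenance ;;
esac
```

Rules that were already disabled before the window never enter the state file, so `leave` does not touch them.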
