------ "The antidote to apocalypticism is *apocalyptic civics*. Apocalyptic civics is the insistence that we cannot ignore the truth, nor should we panic about it. It is a shared consciousness that our institutions have failed and our ecosystem is collapsing, yet we are still here — and we are creative agents who can shape our destinies. Apocalyptic civics is the conviction that the only way out is through, and the only way through is together. "
*Greg Bloom* @greggish https://twitter.com/greggish/status/873177525903609857 On 8 December 2017 at 00:20, Rob Crittenden <rcrit...@redhat.com> wrote: > Lachlan Musicman via FreeIPA-users wrote: > > Stupid question, but to stop anyone from logging in anywhere - for > > instance during a maintenance period - is there an easy maintenance mode > > in IPA? > > > > Or is the best method to disable all HBAC rules? > > I guess it depends on what maintenance you're talking about, and where. > > If it's general maintenance in your infrastructure then yeah, HBAC rules > seems a good place to start. I guess just leave one rule active, the > rule that lets the administrators log in. > > There is no knob in IPA to do this. > Because we still have root access we decided on: while read -r line ; do ipa hbacrule-disable "$line"; done < <( ipa hbacrule-find --pkey-only | grep : | cut -d: -f2-) while read -r line ; do ipa hbacrule-disable "$line"; done < <( ipa hbacrule-find --pkey-only | grep : | grep -v allow_all | cut -d: -f2-) Which is sort of hacky, but sufficient. Cheers L.
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org