Russell Jones via FreeIPA-users wrote: > Hi all, > > I am in the beginning stages of researching moving from NIS to FreeIPA. > I am running through the workshop on the FreeIPA github, and am having > difficulty understanding the difference between categories and groups. > > For example, I have one HBAC rule that came pre-defined on my FreeIPA > server for "allow_systemd-user" that says it applies for user category > and host category of "all". But then the workshop has me add an HBAC > rule to allow a user to access a specific host by adding user and host > groups, not categories. > > I'm sure there is a simple difference between the two, but I am not > having much luck finding these concepts explained anywhere in the > documentation. Can you point me towards where I can find this?
We wanted an easy way to apply rules to all entries of users or hosts. We could have just added a special option for that but at the time we figured that eventually other use cases like this would pop up so we created a category option with just one choice: all. We never did come up with another use case. The alternative would be to create a hostgroup or user group that contained all entries and that could become overwhelming. So it is basically a shortcut. rob _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org