On Sat, 01 May 2010 22:43:22 -0400
Rob Crittenden <rcrit...@redhat.com> wrote:

> The default configuration in hbac uses the model "denied unless 
> explicitly allowed" which is why all your logins failed. We don't 
> currently have any default rules set up, I wonder if we should have
> some basic ones for demonstration purposes and to sort of bootstrap
> things.

I think we should have a default *explicit* permit all rule that admins
will promptly remove as soon as they have decided what is their final
Otherwise it will make things too nasty for people that are setting it
up for the first time.


Simo Sorce * Red Hat, Inc * New York

Freeipa-users mailing list

Reply via email to