On Mon, May 14, 2012 at 07:57:06PM -0700, David Copperfield wrote: > Hi all, > > The online manual says that the '--usercat' means 'User category the rule > applies to'; '--hostcat' has the similar explanation. But I still don't > understand how that could be used in real life and when/where to use the > options. > > Could anyone please shed a light on this? Thanks a lot.
iirc these options where introduced with the host based access control (HBAC) and are used to identify categories/classes of users and hosts in a more general way than using groups or ip-address ranges. I think currently only the keyword 'all' can be used here, which e.g means that an HBAC rule will match for all users or all hosts. In future it is planned to support other categories, e.g. something like 'local' and 'remote' which would catch all users/hosts of the local IPA domain or all users/groups which are coming from remote domains ,respectively. HTH bye, Sumit > > --David > _______________________________________________ > Freeipa-users mailing list > Freeipa-users@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users