Just like to clarify my confusion: Are the HBAC (Host Based Access Control)
rules immediately in effect after IPA client software configurations through
sssd? Do we have any options inside sssd.conf to enable/disable the HBAC rules
per machine (inside IPA domain)? I have this question because some important
servers needs to be available all the time, even badly written HBAC rules could
block access to all other servers.
Another very close question is: what are the scenarios to use '--permit'
option to 'ipa-client-install'? the manual says 'Configure SSSD to permit all
access. Otherwise the machine will be controlled by the Host-based Access
Controls (HBAC) on the IPA server.'. So is this the solution to the above
Thanks a lot.
Freeipa-users mailing list