Hi all,

 Just like to clarify my confusion: Are the HBAC (Host Based Access Control) 
rules immediately in effect after IPA client software configurations through 
sssd? Do we have any options inside sssd.conf to enable/disable the HBAC rules 
per machine (inside IPA domain)? I have this question because some important 
servers needs to be available all the time, even badly written HBAC rules could 
block access to all other servers.

 Another very close question is: what are the scenarios to use  '--permit' 
option to 'ipa-client-install'? the manual says 'Configure SSSD to permit all 
access. Otherwise the machine will be controlled by the Host-based Access 
Controls (HBAC) on the IPA server.'. So is this the solution to the above 

 Thanks a lot.

Freeipa-users mailing list

Reply via email to