On Mon, 2013-02-04 at 09:21 -0500, Rob Crittenden wrote:
> Rajnesh Kumar Siwal wrote:
> > Looking into the sssd logs, I came to know there there was one more
> > rule allowing access:-
> > (Mon Feb  4 14:13:01 2013) [sssd[be[chargepoint.dmz]]]
> > [hbac_get_category] (5): Category is set to 'all'.
> > (Mon Feb  4 14:13:01 2013) [sssd[be[chargepoint.dmz]]]
> > [ipa_hbac_evaluate_rules] (3): Access granted by HBAC rule [allow_all]
> > (Mon Feb  4 14:13:01 2013) [sssd[be[chargepoint.dmz]]]
> > [be_pam_handler_callback] (4): Backend returned: (0, 0, <NULL>)
> > [Success]
> >
> > I disabled that allow_all rule, now it is fine.
> 
> I don't know why that would make any difference. HBAC != sudo.

sudo uses pam so HBAC may be involved during auth

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to