On Tue, Feb 04, 2014 at 04:11:12AM +0000, Les Stott wrote:
> If I access the host "host1" and remove allow_all from its defined HBAC rules 
> in the web ui, jane can still access host1 via ssh (actually tested login).

I can see you've found the solution already but I'd like to go back to
this part.

You say that you have removed allow_all from its defined HBAC ruls
in the WebUI. However, when I try this on my FreeIPA server, I don't
see allow_all listed for any of my hosts (neither in the Direct nor
Indirect Membership listing).

Is it possible that you've added that host to allow_all on top of its
"Any Host" (aka Host category: all) manually and then removed it?

Jan Pazdziora | adelton at #ipa*, #brno
Principal Software Engineer, Identity Management Engineering, Red Hat

Freeipa-users mailing list

Reply via email to