On Fri, Mar 06, 2015 at 08:24:28PM +0000, Craig White wrote:
> Seems the initial/default setup for IPA server is to put in an 'allow_all' 
> rule. Thus you can actively manage HBAC but out of the box, it is essentially 
> turned off by that rule.

Yes. The default was the opposite very long time ago, you had to
explicitly enable access to the box. But it was causing too many user
issues. 

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to