On Fri, Mar 06, 2015 at 08:24:28PM +0000, Craig White wrote: > Seems the initial/default setup for IPA server is to put in an 'allow_all' > rule. Thus you can actively manage HBAC but out of the box, it is essentially > turned off by that rule.
Yes. The default was the opposite very long time ago, you had to explicitly enable access to the box. But it was causing too many user issues. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project