In FreeIPA installations that already have some users and hosts in
them, the setup might be using host based access control (HBAC)
without admins realizing it because by default there is a catchall
allow_all rule there. When you then want to start tweaking the setup,
the allow_all rule needs to be disabled or it would still allow all
accesses. That might break existing users.
Check
http://www.freeipa.org/page/Howto/HBAC_and_allow_all
about possible solution to that problem.
--
Jan Pazdziora
Principal Software Engineer, Identity Management Engineering, Red Hat
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
