IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Remove any reference to HBAC source hosts from help

Browse Source 
https://fedorahosted.org/freeipa/ticket/3528
This commit is contained in:
Ana Krivokapic
2013-04-10 15:45:01 +02:00
committed by Rob Crittenden
parent 39982f6696
commit d03255571c
2 changed files with 10 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
ipalib/plugins/hbacrule.py
View File

@@ -25,15 +25,15 @@ from ipalib import _, ngettext
__doc__ = _("""
Host-based access control
Control who can access what services on what hosts and from where. You
can use HBAC to control which users or groups on a source host can
Control who can access what services on what hosts. You
can use HBAC to control which users or groups can
access a service, or group of services, on a target host.
You can also specify a category of users, target hosts, and source
hosts. This is currently limited to "all", but might be expanded in the
You can also specify a category of users and target hosts.
This is currently limited to "all", but might be expanded in the
future.
Target hosts and source hosts in HBAC rules must be hosts managed by IPA.
Target hosts in HBAC rules must be hosts managed by IPA.
The available services and groups of services are controlled by the
hbacsvc and hbacsvcgroup plug-ins respectively.
@@ -42,7 +42,7 @@ EXAMPLES:
Create a rule, "test1", that grants all users access to the host "server" from
anywhere:
ipa hbacrule-add --usercat=all --srchostcat=all test1
ipa hbacrule-add --usercat=all test1
ipa hbacrule-add-host --hosts=server.example.com test1
Display the properties of a named HBAC rule:
@@ -50,7 +50,7 @@ EXAMPLES:
Create a rule for a specific service. This lets the user john access
the sshd service on any machine from any machine:
ipa hbacrule-add --hostcat=all --srchostcat=all john_sshd
ipa hbacrule-add --hostcat=all john_sshd
ipa hbacrule-add-user --users=john john_sshd
ipa hbacrule-add-service --hbacsvcs=sshd john_sshd
@@ -59,7 +59,7 @@ EXAMPLES:
ipa hbacsvcgroup-add ftpers
ipa hbacsvc-add sftp
ipa hbacsvcgroup-add-member --hbacsvcs=ftp --hbacsvcs=sftp ftpers
ipa hbacrule-add --hostcat=all --srchostcat=all john_ftp
ipa hbacrule-add --hostcat=all john_ftp
ipa hbacrule-add-user --users=john john_ftp
ipa hbacrule-add-service --hbacsvcgroups=ftpers john_ftp

6
ipalib/plugins/hbactest.py
View File

@@ -35,7 +35,7 @@ import pyhbac
__doc__ = _("""
Simulate use of Host-based access controls
HBAC rules control who can access what services on what hosts and from where.
HBAC rules control who can access what services on what hosts.
You can use HBAC to control which users or groups can access a service,
or group of services, on a target host.
@@ -48,7 +48,7 @@ having access to the production environment.
ipa hbactest --user= --host= --service=
[--rules=rules-list] [--nodetail] [--enabled] [--disabled]
[--srchost= ] [--sizelimit= ]
[--sizelimit= ]
--user, --host, and --service are mandatory, others are optional.
@@ -68,8 +68,6 @@ having access to the production environment.
By default there is a IPA-wide limit to number of entries fetched, you can change it
with --sizelimit option.
If --srchost is specified, it will be ignored. It is left because of compatibility reasons only.
EXAMPLES:
1. Use all enabled HBAC rules in IPA database to simulate: