# default HBAC policy that grants permission to all services dn: ipauniqueid=autogenerate,cn=hbac,$SUFFIX changetype: add objectclass: ipaassociation objectclass: ipahbacrule cn: allow_all accessruletype: allow usercategory: all hostcategory: all servicecategory: all ipaenabledflag: TRUE description: Allow all users to access any host from any host ipauniqueid: autogenerate # default HBAC policy for pam_systemd dn: ipauniqueid=autogenerate,cn=hbac,$SUFFIX changetype: add objectclass: ipaassociation objectclass: ipahbacrule cn: allow_systemd-user accessruletype: allow usercategory: all hostcategory: all memberService: cn=systemd-user,cn=hbacservices,cn=hbac,$SUFFIX ipaenabledflag: TRUE description: Allow pam_systemd to run user@.service to create a system user session ipauniqueid: autogenerate