mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-25 08:21:05 -06:00
46 lines
1005 B
Plaintext
46 lines
1005 B
Plaintext
# default HBAC policy that grants permission to all services
|
|
dn: ipauniqueid=$UUID,cn=hbac,$SUFFIX
|
|
changetype: add
|
|
objectclass: ipaassociation
|
|
objectclass: ipahbacrule
|
|
cn: allow_all
|
|
accessruletype: allow
|
|
usercategory: all
|
|
hostcategory: all
|
|
sourcehostcategory: all
|
|
servicecategory: all
|
|
ipaenabledflag: TRUE
|
|
description: Allow all users to access any host from any host
|
|
# ipauniqueid gets added for us by 389-ds
|
|
|
|
dn: cn=sshd,cn=hbacservices,cn=accounts,$SUFFIX
|
|
changetype: add
|
|
objectclass: ipahbacservice
|
|
cn: sshd
|
|
description: sshd
|
|
|
|
dn: cn=ftp,cn=hbacservices,cn=accounts,$SUFFIX
|
|
changetype: add
|
|
objectclass: ipahbacservice
|
|
cn: ftp
|
|
description: ftp
|
|
|
|
dn: cn=sudo,cn=hbacservices,cn=accounts,$SUFFIX
|
|
changetype: add
|
|
objectclass: ipahbacservice
|
|
cn: sudo
|
|
description: sudo
|
|
|
|
dn: cn=su,cn=hbacservices,cn=accounts,$SUFFIX
|
|
changetype: add
|
|
objectclass: ipahbacservice
|
|
cn: su
|
|
description: su
|
|
|
|
dn: cn=login,cn=hbacservices,cn=accounts,$SUFFIX
|
|
changetype: add
|
|
objectclass: ipahbacservice
|
|
cn: login
|
|
description: login
|
|
|