Host-based Access Control (HBAC) Examples
HBAC rules let you define policies that control how hosts and services are accessed, based on the user, the user's group, or the host attempting access.
Creating an HBAC rule
Create a base rule that will handle SSH service access.
Managing members of a HBAC rule
Add the user john to the previously created HBAC rule.
Additionally, you can set access based on groups:
Remove the user john from the HBAC rule.
Managing targets of a HBAC rule
After we have created the rule and set the members, targets must be registered before being added to the rule.
Adding a new HBAC service.
Services must be attached to rules. Attach the sshd service to the previously
created rule. This service is registered in IPA by default, so there’s no need
to add it with
Hosts can be added as targets as well. Allow the SSH service to be accessed only in
the hosts part of the
Testing a HBAC rule
Simulate the use of the rule we previously created against the host
workstation.ipa.test and the service
sshd, coming from the user john.
api.Command.hbactest(user="john", targethost="workstation.ipa.test", service="sshd", rules="sshd_rule")
Enabling and disabling HBAC rules
Enable a HBAC rule.
Disable a HBAC rule.
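The following is an added example, not code from the original page or from FreeIPA: a simplified local model of how an allow-only HBAC rule set decides the request that the hbactest call above simulates, including the effect of removing a member and of disabling the rule. The group name developers, the hostgroup name workstations and the host db.ipa.test are constructed for illustration, and the "all" categories for users, hosts and services are left out of the model.

```python
from dataclasses import dataclass, field

@dataclass
class Rule:
    """Simplified allow-only HBAC rule (a model, not FreeIPA's own data structure)."""
    name: str
    users: set = field(default_factory=set)
    groups: set = field(default_factory=set)
    hosts: set = field(default_factory=set)
    hostgroups: set = field(default_factory=set)
    services: set = field(default_factory=set)
    enabled: bool = True

    def matches(self, user, user_groups, host, host_groups, service):
        # All three dimensions must match; an empty dimension matches nothing.
        who = user in self.users or bool(self.groups & user_groups)
        where = host in self.hosts or bool(self.hostgroups & host_groups)
        return who and where and service in self.services


def hbac_eval(rules, user, host, service, user_groups=(), host_groups=()):
    """Return (allowed, matched, notmatched); disabled rules are skipped entirely."""
    matched, notmatched = [], []
    for rule in (r for r in rules if r.enabled):
        hit = rule.matches(user, set(user_groups), host, set(host_groups), service)
        (matched if hit else notmatched).append(rule.name)
    # Default deny: access is granted only if at least one enabled rule matched.
    return bool(matched), matched, notmatched


def demo():
    # Constructed data: "developers" and "workstations" are hypothetical names.
    rule = Rule("sshd_rule", users={"john"}, groups={"developers"},
                hostgroups={"workstations"}, services={"sshd"})
    req = dict(user="john", host="workstation.ipa.test", service="sshd",
               host_groups={"workstations"})
    results = {"direct_member": hbac_eval([rule], **req)[0]}
    rule.users.discard("john")                      # john removed from the rule
    results["after_removal"] = hbac_eval([rule], **req)[0]
    results["via_group"] = hbac_eval([rule], user_groups={"developers"}, **req)[0]
    results["other_host"] = hbac_eval([rule], "john", "db.ipa.test", "sshd",
                                      user_groups={"developers"})[0]
    rule.enabled = False                            # rule disabled
    results["rule_disabled"] = hbac_eval([rule], user_groups={"developers"}, **req)[0]
    return results


if __name__ == "__main__":
    print(demo())
```

In this model, removing john from the rule only denies him access if he is not also covered through a group that remains a member, and a disabled rule no longer grants anything.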