That makes sense. Thank you!

On Wed, Oct 9, 2019 at 1:02 PM Rob Crittenden <rcritten@redhat.com> wrote:
Russell Jones via FreeIPA-users wrote:
> Hi all,
>
> I am in the beginning stages of researching moving from NIS to FreeIPA.
> I am running through the workshop on the FreeIPA GitHub, and am having
> difficulty understanding the difference between categories and groups.
>
> For example, I have one HBAC rule that came pre-defined on my FreeIPA
> server for "allow_systemd-user" that says it applies for user category
> and host category of "all". But then the workshop has me add an HBAC
> rule to allow a user to access a specific host by adding user and host
> groups, not categories.
>
> I'm sure there is a simple difference between the two, but I am not
> having much luck finding these concepts explained anywhere in the
> documentation. Can you point me towards where I can find this?

We wanted an easy way to apply rules to all entries of users or hosts.
We could have just added a special option for that but at the time we
figured that eventually other use cases like this would pop up so we
created a category option with just one choice: all. We never did come
up with another use case.

The alternative would be to create a hostgroup or user group that
contained all entries and that could become overwhelming. So it is
basically a shortcut.

rob
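
The category shortcut described in the thread, sketched as a simplified model of HBAC rule matching. This is an added example, not part of the original thread and not FreeIPA code. The rule name sysadmin_webservers, the users, hosts and groups, and the service assigned to allow_systemd-user are constructed assumptions.

```python
from dataclasses import dataclass, field

def _match(category, members, groups, name, name_groups):
    """One dimension matches if its category is "all", or by name or group."""
    return category == "all" or name in members or bool(groups & name_groups)

@dataclass
class HbacRule:
    name: str
    usercat: str = ""      # "all" or unset; "all" is the only category value
    hostcat: str = ""
    servicecat: str = ""
    users: set = field(default_factory=set)
    groups: set = field(default_factory=set)
    hosts: set = field(default_factory=set)
    hostgroups: set = field(default_factory=set)
    services: set = field(default_factory=set)

    def matches(self, user, user_groups, host, host_groups, service):
        # Every dimension (who, where, which service) must match.
        return (_match(self.usercat, self.users, self.groups, user, user_groups)
                and _match(self.hostcat, self.hosts, self.hostgroups,
                           host, host_groups)
                and (self.servicecat == "all" or service in self.services))

def matching_rules(rules, user, user_groups, host, host_groups, service):
    """Names of the rules that allow this request; an empty list means denied."""
    return [r.name for r in rules
            if r.matches(user, user_groups, host, host_groups, service)]

# Constructed rule set: one category-based rule, one group-based rule.
RULES = [
    # Category "all" on users and hosts: no membership list to maintain.
    HbacRule("allow_systemd-user", usercat="all", hostcat="all",
             services={"systemd-user"}),  # service assumed from the rule name
    # Explicit groups: only members of these groups match.
    HbacRule("sysadmin_webservers", groups={"sysadmin"},
             hostgroups={"webservers"}, servicecat="all"),
]

if __name__ == "__main__":
    print(matching_rules(RULES, "alice", {"sysadmin"}, "web1",
                         {"webservers"}, "sshd"))
    print(matching_rules(RULES, "bob", set(), "web1", {"webservers"}, "sshd"))
```

A user or host created later matches the category rule without any change to the rule, while the group rule matches only after the entry is added to the group.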