Russell Jones via FreeIPA-users wrote:
> Hi all,
>
> I am in the beginning stages of researching moving from NIS to FreeIPA.
> I am running through the workshop on the FreeIPA GitHub, and am having
> difficulty understanding the difference between categories and groups.
>
> For example, I have one HBAC rule that came pre-defined on my FreeIPA
> server for "allow_systemd-user" that says it applies for user category
> and host category of "all". But then the workshop has me add an HBAC
> rule to allow a user to access a specific host by adding user and host
> groups, not categories.
>
> I'm sure there is a simple difference between the two, but I am not
> having much luck finding these concepts explained anywhere in the
> documentation. Can you point me towards where I can find this?

We wanted an easy way to apply rules to all entries of users or hosts.
We could have just added a special option for that but at the time we
figured that eventually other use cases like this would pop up so we
created a category option with just one choice: all. We never did come
up with another use case.

The alternative would be to create a hostgroup or user group that
contained all entries and that could become overwhelming. So it is
basically a shortcut.

rob
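
The difference discussed in this thread, as a simplified model added here for illustration (not FreeIPA code and not written by either poster): a rule side matches either through its category of "all" or through listed entries and groups. The class, its field names, and all users, hosts and groups are hypothetical, and HBAC services are left out.

```python
from dataclasses import dataclass, field

@dataclass
class HBACRule:
    """Simplified HBAC rule: each side matches if its category is "all",
    or the entry is listed directly, or it belongs to a listed group."""
    name: str
    user_category: str = ""   # "" or "all" ("all" is the only choice)
    host_category: str = ""
    users: set = field(default_factory=set)
    user_groups: set = field(default_factory=set)
    hosts: set = field(default_factory=set)
    host_groups: set = field(default_factory=set)

    def allows(self, user, host, user_membership, host_membership):
        user_ok = (self.user_category == "all" or user in self.users
                   or bool(self.user_groups & user_membership.get(user, set())))
        host_ok = (self.host_category == "all" or host in self.hosts
                   or bool(self.host_groups & host_membership.get(host, set())))
        return user_ok and host_ok

# Constructed sample directory; every name below is hypothetical.
USER_GROUPS = {"alice": {"sysadmin", "everyone"}, "bob": {"everyone"}}
HOST_GROUPS = {"client.example.test": {"webservers", "allhosts"}}

# Category shortcut: applies to every user and host, present or future.
by_category = HBACRule("cat_all", user_category="all", host_category="all")
# The alternative from the reply: groups that must contain every entry.
by_all_group = HBACRule("group_all", user_groups={"everyone"},
                        host_groups={"allhosts"})
# Targeted rule of the kind the workshop adds: specific groups only.
targeted = HBACRule("sysadmin_webservers", user_groups={"sysadmin"},
                    host_groups={"webservers"})

def access(rule, user, host):
    return rule.allows(user, host, USER_GROUPS, HOST_GROUPS)

if __name__ == "__main__":
    # "carol" and "new.example.test" were enrolled but never added to a group.
    for rule in (by_category, by_all_group, targeted):
        print(rule.name,
              access(rule, "carol", "new.example.test"),
              access(rule, "alice", "client.example.test"))
```

A category of "all" keeps matching entries that were never placed in any group, which is also why such a rule is the broadest grant a server can carry and the first thing to review when tightening host access.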