31.3. Adding HBAC Service Entries for Custom HBAC Services
Only the most common services and service groups are configured for HBAC rules by default. However, you can also configure any other pluggable authentication module (PAM) service as an HBAC service. This enables you to define the custom PAM service in an HBAC rule.
Adding a service as an HBAC service is not the same as adding a service to the domain. Adding a service to the domain (described in Section 16.1, “Adding and Editing Service Entries and Keytabs”) makes the service a recognized resource available to other resources in the domain, but it does not enable you to use the service in HBAC rules.
To add an HBAC service entry, you can use:
- the IdM web UI (see the section called “Web UI: Adding an HBAC Service Entry”)
- the command line (see the section called “Command Line: Adding an HBAC Service Entry”)
Web UI: Adding an HBAC Service Entry
- Select Policy → Host-Based Access Control → HBAC Services.
- Click Add to add an HBAC service entry.
- Enter a name for the service, and click Add.
Command Line: Adding an HBAC Service Entry
Use the ipa hbacsvc-add command. For example, to add an entry for the
$ ipa hbacsvc-add tftp
-------------------------
Added HBAC service "tftp"
-------------------------
  Service name: tftp
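To find which PAM services on a host still lack an HBAC service entry, the following added example (not part of the original documentation) compares a PAM configuration directory with a saved HBAC service listing. It assumes that each file in the directory names one PAM service, that the HBAC service name must equal the PAM service name, and that the listing uses the same "Service name:" label as the output shown above; the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: list PAM services that have no HBAC service entry yet.
# The result is a list of candidates to review: shared include files in the
# PAM directory (not real services) will also be reported.

# Read an HBAC service listing on stdin and print the service names.
hbacsvc_names() {
    sed -n 's/^[[:space:]]*Service name:[[:space:]]*//p' | sort -u
}

# pam_services DIR: print the name of every regular file in DIR.
pam_services() {
    for f in "$1"/*; do
        if [ -f "$f" ]; then basename "$f"; fi
    done | sort -u
}

# missing_hbacsvcs DIR LISTING: PAM services in DIR that are absent from
# the HBAC service listing saved in the file LISTING.
missing_hbacsvcs() {
    known=$(hbacsvc_names < "$2")
    pam_services "$1" | while read -r svc; do
        printf '%s\n' "$known" | grep -qxF -- "$svc" || printf '%s\n' "$svc"
    done
}

# suggest_hbacsvc_add DIR LISTING: print the command that would add each
# missing service. Nothing is executed; review the list before running it.
suggest_hbacsvc_add() {
    missing_hbacsvcs "$1" "$2" | while read -r svc; do
        printf 'ipa hbacsvc-add %s\n' "$svc"
    done
}

# Constructed sample data so the example runs offline.
demo() {
    d=$(mktemp -d)
    mkdir "$d/pam.d"
    : > "$d/pam.d/sshd"; : > "$d/pam.d/tftp"; : > "$d/pam.d/myapp"
    printf '  Service name: sshd\n  Service name: tftp\n' > "$d/hbacsvc.txt"
    suggest_hbacsvc_add "$d/pam.d" "$d/hbacsvc.txt"
    rm -rf "$d"
}
demo
```

On an enrolled host, the listing file can be produced by saving the output of ipa hbacsvc-find and the directory is normally /etc/pam.d.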