31.3. Adding HBAC Service Entries for Custom HBAC Services

Only the most common services and service groups are configured for HBAC rules by default. However, you can also configure any other pluggable authentication module (PAM) service as an HBAC service. This enables you to define the custom PAM service in an HBAC rule.

Note

Adding a service as an HBAC service is not the same as adding a service to the domain. Adding a service to the domain (described in Section 16.1, “Adding and Editing Service Entries and Keytabs”) makes the service a recognized resource available to other resources in the domain, but it does not enable you to use the service in HBAC rules.
To add an HBAC service entry, you can use:

Web UI: Adding an HBAC Service Entry

  1. Select PolicyHost-Based Access ControlHBAC Services.
  2. Click Add to add an HBAC service entry.
  3. Enter a name for the service, and click Add.

Command Line: Adding an HBAC Service Entry

Use the ipa hbacsvc-add command. For example, to add an entry for the tftp service:
$ ipa hbacsvc-add tftp
-------------------------
Added HBAC service "tftp"
-------------------------
  Service name: tftp