##############################################################################
# Pegasus WBEM HTTP/HTTPS Network Service User Access Control Table:
# 
# This file controls access to the Pegasus WBEM Network services by users
# with the PAM pam_access module .
#
# The format of the access control table is three fields separated by a
# ":" character:
# 
# 	permission : users : origins
# 
# The first field should be a "+" (access granted) or "-" (access denied)
# character. 
#
# The second field should be a list of one or more login names, group
# names, or ALL (always matches). A pattern of the form user@host is
# matched when the login name matches the "user" part, and when the
# "host" part matches the local machine name.
#
# If you run NIS you can use @netgroupname in host or user patterns; this
# even works for @usergroup@@hostgroup patterns. Weird.
#
# The EXCEPT operator makes it possible to write very compact rules.
#
# The group file is searched only when a name does not match that of the
# logged-in user. Both the user's primary group is matched, as well as
# groups in which users are explicitly listed.
#
# The third field must be 'wbemNetwork', to control access by users from
# remote hosts, or 'wbemLocal', to control access by users from the local host.
##############################################################################
#
# Pegasus PAM Access Rules:
# 1. The pegasus user access rule:
#    By default, ONLY the pegasus user can use remote network HTTP/S service:
#
+: pegasus : ALL
#
#
# 2. The root user access rule:
#    By default, the root user can use pegasus local HTTP/S service:
#
+: root : wbemLocal
# 
#
# 3. Disallow anything else:
#
-: ALL : ALL