[Freeipa-devel] Purpose of default user group
Jakub Hrozek
jhrozek at redhat.com
Tue Mar 10 15:01:30 UTC 2015
On Tue, Mar 10, 2015 at 03:52:44PM +0100, Martin Kosek wrote:
> On 03/10/2015 03:27 PM, Rob Crittenden wrote:
> > Petr Vobornik wrote:
> >> Hi,
> >>
> >> I would like to ask what is a purpose of a default user group - by
> >> default ipausers? Default group is also a required field in ipa config.
> >
> > To be able to apply some (undefined) group policy to all users. I'm not
> > aware that it has ever been used for this.
>
> I would also interested in the use cases, especially given all the pain we have
> with ipausers and large user bases. Especially that for current policies (SUDO,
> HBAC, SELinux user policy), we always have other means to specify "all users".
yes, but those means usually specify both AD and IPA users, right?
I always thought "ipausers" is a handy shortcut for selecting IPA users
only and not AD users.
More information about the Freeipa-devel
mailing list