[Freeipa-users] stopping su -

Tue Jul 17 22:03:06 UTC 2012

Hi

Actually this for me anyway is exactly what IPA should be for....its security,  its centrally managed and it saves workload.

Doing this across 200+ servers needs to be centralised or IPA becomes pointless, very limited ie one point password, add and remove users (oh big deal I can use salt to do that in effect). As I'd have to do IPA stuff and then local....its saves me little if anything in work / automation.

Now if it doesn't do this well OK, but half my problem is determining what IPA can and cant do, the devil is in the detail as they say.

regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

8><------

You can lock that down in the sudoers config and you can lock the su permissions to the wheel group via the local configuration files in /etc/security or via the pam module. either way you need to add in configuration file managment, which is not what freeipa is for.

8><----
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120717/0f1c6001/attachment.htm>