[Freeipa-users] Setting a new directory manager password

[Steven Jones]

Hi,

What needs to be delegated?

regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

________________________________________
From: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com] on behalf of Dmitri Pal [dpal at redhat.com]
Sent: Tuesday, 27 March 2012 10:34 a.m.
To: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] Setting a new directory manager password

On 03/26/2012 05:28 PM, Steven Jones wrote:
> Hi,
>
> Our policy is to have the security manager hold the top most password of AD. There is a requirement that we do the same thing for IPA if possible/practical.
>
> So, is there any reason apart from resetting the admin password or replication that I would ever need this password in a day to day context?

As long as you create other administrative accounts and define their
permissions as more confined you do not need to use this admin account
other than to perform operations on itself. All other functions can be
delegated except the DM password of the underlying DS that should be
used only if you need to do some low level DS operations in case
something went wrong.

> If not, how would I re-write/change the password?
>
> regards
>
> Steven Jones
>
> Technical Specialist - Linux RHCE
>
> Victoria University, Wellington, NZ
>
> 0064 4 463 6272
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users


--
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



_______________________________________________
Freeipa-users mailing list
Freeipa-users at redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users