[Freeipa-users] howto modify krb principal attributes without kadmin.local
Simo Sorce
simo at redhat.com
Tue May 15 22:24:52 UTC 2012
On Tue, 2012-05-15 at 14:21 -0700, Thomas Jackson wrote:
> So going through the documentation it's clearly laid out not to use
> kadmin or kadmin.local when using freeipa. I have been unable to find
> how to replace this functionality in the documentation.
>
> If I could use kadmin.local on my kdc I would like to run the
> following command....
>
> modprinc +requires_hwauth user
>
> Am I going to need to extend/modify the krb5 schema to modify
> principals attributes in this way?
>
For this specific change you can use kadmin.local, but the IPA UI will
not report you anything about it.
The flags part is still a weak point of the Web UI, if you want you can
open a RFE ticket to ask for better support for these flags, we need to
do it at some point we simply haven't yet as we concentrated on more
important and pressing issue this far.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-users
mailing list