[Freeipa-users] RHEV-M + service accounts in IPA
Rob Crittenden
rcritten at redhat.com
Wed Sep 5 12:39:20 UTC 2012
Dale Macartney wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Afternoon all
>
> I have a demo lab set up with RHEV 3.0 and IPA running on RHEL 6.3 (
> ipa-server-2.2-16)
>
> I have an api script that handles all my deployments and I am trying to
> set up a role account for my script to run within a jenkins environment.
>
> I have created an ldap sysaccount, however that doesn't appear in the
> RHEV users list when I do a search. So its clear its looking for
> specific IPA users.
>
> Is there a way (or on the roadmap), to create service/role accounts in
> IPA where the password doesn't expire?
>
> I'm trying to avoid scenarios like this
>
> https://access.redhat.com/knowledge/solutions/67562
>
> Any comments / suggestions are welcome
>
> Thanks everyone
>
> Dale
>
A work-around is to set krbpasswordexpiration of the user somewhere far
in the future to prevent expiration.
We have a ticket open on this,
https://fedorahosted.org/freeipa/ticket/2111, currently targeted for IPA
3.3.
rob
More information about the Freeipa-users
mailing list