[Freeipa-users] Non-human users
Orion Poplawski
orion at cora.nwra.com
Fri Feb 15 18:52:35 UTC 2013
On 02/15/2013 11:50 AM, John Dennis wrote:
>
> O.K. but I want to make sure you understand the difference. If you give login
> or other permissions to a network facing system daemon you're opening a huge
> security hole. Adding the apache user to the set of users managed by IPA is
> quite dangerous unless you are extraordinarily careful to remove privileges
> normally granted by IPA, it could lead to the complete compromise of your
> network.
>
Understood. This is actually all before we have moved to IPA, but are
exploring things.
--
Orion Poplawski
Technical Manager 303-415-9701 x222
NWRA, Boulder Office FAX: 303-415-9702
3380 Mitchell Lane orion at nwra.com
Boulder, CO 80301 http://www.nwra.com
More information about the Freeipa-users
mailing list