[Freeipa-users] Non-human users
Dmitri Pal
dpal at redhat.com
Sun Feb 17 20:13:38 UTC 2013
On 02/17/2013 02:37 PM, Simo Sorce wrote:
> On Sat, 2013-02-16 at 13:31 +0000, Charlie Derwent wrote:
>>
>> Bit late to the conversation here, but if you want another example of
>> a
>> quasi-system account within IPA, there is the need for a user to
>> handle
>> automated enrollment/re-enrollment of servers.
>>
>> Charlie
>>
> For this we should be able to use a service principal, not a full
> account. Unless for some reason you need this principal to show up as a
> user in the system (full posixAccount).
>
> Simo.
>
I do not think we have any permission setup in IPA for a service account
to perform any modification operations. It can be host account though
and we have permission mechanisms built into IdM to allow a host
(provisioning system or hypervisor) manage other hosts and services
running on them. It should be in the docs.
--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
More information about the Freeipa-users
mailing list