[Freeipa-users] Adding permissions to a service account.

Rob Crittenden rcritten at redhat.com
Wed Aug 13 20:05:41 UTC 2014


William wrote:
> On Tue, 2014-08-12 at 13:51 -0400, Rob Crittenden wrote:
>> William wrote:
>>> Hi,
>>>
>>> I am trying to allow a radius service account the ability to read
>>> ipaNTHash. I carried out the following steps:
>>>
> 
>>
>> You can't delegate permissions to a service. See
>> https://fedorahosted.org/freeipa/ticket/3644
>>
>> rob
> 
> 
> For now, should I just add the service DN as a member of the role to
> enable this? 
> 

Theoretically if you add the service as a member in the role using
ldapmodify then yes, it should work functionally. What the IPA framework
would do with this is another matter. Worst case it would blow up
whenever trying to retrieve this role/privilege/permission/service (or a
combination).

rob



