[Freeipa-users] Proper configuration of service accounts
Brian Topping
brian.topping at gmail.com
Fri Apr 3 05:51:10 UTC 2015
Great work on 4.1.0! As a CentOS user, I am able to convey the 3.x -> 4.1.0 upgrade went smoothly via the CentOS 7.0 -> 7.1 upgrade on my replicated pair of IPA instances.
Question about proper setup of service accounts: I see that the service accounts I set up under "cn=etc, cn=sysaccounts" are still able to log in, but the permission changes have left them unable to read anything. Previously, I hacked the ACLs on the domain root. I would like to believe that's not how it should be done.
That said, I was surprised that service accounts are not supported in 4.x UI, so I wonder if service accounts (https://www.redhat.com/archives/freeipa-users/2012-June/msg00011.html <https://www.redhat.com/archives/freeipa-users/2012-June/msg00011.html>) are the wrong way for services like Postfix to be doing LDAP queries.
Thanks, Brian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150402/48cb0bce/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150402/48cb0bce/attachment.sig>
More information about the Freeipa-users
mailing list