[Freeipa-users] Creating arbitrary users?
Coy Hile
coy.hile at coyhile.com
Tue Apr 7 18:54:14 UTC 2015
Quoting Simo Sorce <simo at redhat.com>:
>> >
>> >
>> I guess that makes sense. Is it possible to add a user that simply
>> doesn't have the posix attributes defined? In the particular case of
>> */admin, I would expect that user to login to the ipa ui or to be
>> kinit'd to prior to running ipa administrative commands, but I should
>> hope that it should never login directly.
>>
>> Does that question make more sense?
>
> It does, but we do not have such a feature, sorry.
>
> Simo.
>
Could one hypothetically remove the posix attributes (via some scripted
process that validates that what it's doing is inline with organizational
norms/goals) without breaking freeIPA, or are the posix attributes MUST in
the IPA object classes? I'm sorry for so many endless questions, but having
finally got my personal setup/lab using something other than Active Directory,
I'm looking to migrate to something that is easier to manage, so I'm trying to
draw comparisons between what I had been used to in previous vanilla krb/ldap
shops.
Thanks,
-c
--
Coy Hile
coy.hile at coyhile.com
--
Coy Hile
coy.hile at coyhile.com
More information about the Freeipa-users
mailing list