[Freeipa-users] Client enrolment user
Coy Hile
coy.hile at coyhile.com
Thu Nov 5 16:41:20 UTC 2015
Is there documentation thst states explicitly which permissions are
granted to the Various built in roles?
Sent via the Samsung GALAXY S® 5, an AT&T 4G LTE smartphone
-------- Original message --------
From: Rob Crittenden <rcritten at redhat.com>
Date: 11/05/2015 10:18 (GMT-05:00)
To: Freeipa-users at redhat.com, andrew.holway at gmail.com
Subject: Re: [Freeipa-users] Client enrolment user
> Andrew Holway wrote:
>> Some time ago I saw an article on how to set up a user that can only
>> enrol clients into freeipa.
>>
>> Does anyone have information on how to do this because we're currently
>> using the admin user and this is a bit scary.
>
> Create a role for enrolling hosts and add the privilege 'Host
> Enrollment' to it.
>
> Note that 'Host Enrollment' is VERY specific. It only enrolls host. It
> will not create host entries. If you want to be able to do that as well
> then you'll need the 'Add Hosts' permission. I guess I'd create a new
> privilege and add that permission, then add that privilege to the role
> you create.
>
> Some folks add the existing 'Host Administrators' privilege instead but
> IMHO that is a bit broad.
>
> rob
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
More information about the Freeipa-users
mailing list