[Freeipa-users] Client enrolment user
Andrew Holway
andrew.holway at gmail.com
Thu Nov 5 15:42:17 UTC 2015
Thanks!
On 5 November 2015 at 16:18, Rob Crittenden <rcritten at redhat.com> wrote:
> Andrew Holway wrote:
> > Some time ago I saw an article on how to set up a user that can only
> > enrol clients into freeipa.
> >
> > Does anyone have information on how to do this because we're currently
> > using the admin user and this is a bit scary.
>
> Create a role for enrolling hosts and add the privilege 'Host
> Enrollment' to it.
>
> Note that 'Host Enrollment' is VERY specific. It only enrolls host. It
> will not create host entries. If you want to be able to do that as well
> then you'll need the 'Add Hosts' permission. I guess I'd create a new
> privilege and add that permission, then add that privilege to the role
> you create.
>
> Some folks add the existing 'Host Administrators' privilege instead but
> IMHO that is a bit broad.
>
> rob
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20151105/204cb077/attachment.htm>
More information about the Freeipa-users
mailing list