[Freeipa-users] Client enrolment user

Rob Crittenden rcritten at redhat.com
Thu Nov 5 18:51:40 UTC 2015


Coy Hile wrote:
> 
> 
> Is there documentation that states explicitly which permissions are
> granted to the various built-in roles?

No, but it is easy enough to determine using either the UI or CLI.

The provided roles are more of an example than anything. If there are
specific role suggestions they would be seriously entertained.

rob

> 
> -------- Original message --------
> From: Rob Crittenden <rcritten at redhat.com>
> Date: 11/05/2015  10:18  (GMT-05:00)
> To: Freeipa-users at redhat.com, andrew.holway at gmail.com
> Subject: Re: [Freeipa-users] Client enrolment user
> 
>> Andrew Holway wrote:
>>> Some time ago I saw an article on how to set up a user that can only
>>> enrol clients into freeipa.
>>>
>>> Does anyone have information on how to do this because we're currently
>>> using the admin user and this is a bit scary.
>>
>> Create a role for enrolling hosts and add the privilege 'Host
>> Enrollment' to it.
>>
>> Note that 'Host Enrollment' is VERY specific. It only enrolls hosts. It
>> will not create host entries. If you want to be able to do that as well
>> then you'll need the 'Add Hosts' permission. I guess I'd create a new
>> privilege and add that permission, then add that privilege to the role
>> you create.
>>
>> Some folks add the existing 'Host Administrators' privilege instead but
>> IMHO that is a bit broad.
>>
>> rob
> 
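
The role setup described in the quoted reply, and the CLI inspection mentioned in the follow-up, as an added example that is not part of the thread or of FreeIPA's own documentation. The role name, privilege name and user login are hypothetical, and the user is assumed to exist already.

```shell
#!/bin/sh
# Added example: least-privilege enrollment role built with the ipa CLI.
# Run on an IPA-enrolled machine after `kinit admin`. Names are hypothetical.
IPA="${IPA:-ipa}"              # CLI binary, overridable for a dry run
ROLE="Enrollment Operator"     # hypothetical role name
PRIV="Host Creation"           # hypothetical privilege name
# The thread calls this permission 'Add Hosts'; FreeIPA 4.x lists it with a
# "System: " prefix. Confirm the name with: ipa permission-find "Add Hosts"
ADD_HOSTS_PERM="${ADD_HOSTS_PERM:-System: Add Hosts}"

# create_enroll_role LOGIN [with-add]
#   LOGIN     existing IPA user that will enroll clients
#   with-add  also allow creating host entries (omit for enroll-only)
create_enroll_role() {
    login="$1"; mode="${2:-enroll-only}"
    [ -n "$login" ] || { echo "usage: create_enroll_role LOGIN [with-add]" >&2; return 2; }

    $IPA role-add "$ROLE" --desc "Enroll clients without admin rights" || return 1
    # 'Host Enrollment' only enrolls hosts whose entries already exist.
    $IPA role-add-privilege "$ROLE" --privileges="Host Enrollment" || return 1

    if [ "$mode" = "with-add" ]; then
        # Narrow custom privilege instead of the broad 'Host Administrators'.
        $IPA privilege-add "$PRIV" --desc "Create host entries only" || return 1
        $IPA privilege-add-permission "$PRIV" --permissions="$ADD_HOSTS_PERM" || return 1
        $IPA role-add-privilege "$ROLE" --privileges="$PRIV" || return 1
    fi

    $IPA role-add-member "$ROLE" --users="$login" || return 1
}

# inspect_role: show what the role and its built-in privilege actually grant.
inspect_role() {
    $IPA role-show "$ROLE" --all || return 1
    $IPA privilege-show "Host Enrollment" --all || return 1
}

# Usage, after sourcing this file:
#   create_enroll_role enroller with-add && inspect_role
```

In enroll-only mode the host entries have to be created beforehand by someone who holds the add permission.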



