[Freeipa-users] service account for ovirt
Martin Kosek
mkosek at redhat.com
Wed Nov 18 14:51:50 UTC 2015
On 11/18/2015 08:23 AM, Rob Verduijn wrote:
> Hello all,
>
> I've read a lot regarding service accounts on this mailinglist in the past.
> But it's rather unclear to me what is the current preffered method to
> create a service account for a service running on a different machine.
>
> In this case it would be a service account for ovirt so that freeipa
> users can authenticate in the ovirt portal using their freeipa
> credentials.
It sounds like that you do not want system user account, but you are OK with
service account so that you can get a keytab for your oVirt instance. In that
case, simple
$ ipa service-add HTTP/frontend.ovirt.test
and
$ ipa-getkeytab ...
should be enough, right?
Maybe I just do not understand the use case.
> I could ofcourse create an account and then apply a ldf to set its
> password expiration to the next millennium to make sure the password
> does not expire.
>
> Anybody who has a good suggestion on how to deal with this ?
>
> Cheers
> Rob Verduijn
>
More information about the Freeipa-users
mailing list