[Freeipa-users] Moving default "admin" user to service accounts

Marat Vyshegorodtsev marat.vyshegorodtsev at gmail.com
Thu Jan 28 02:27:41 UTC 2016


Hi!

My FreeIPA deployment is part of a PCI cardholder data environment.

Hence, I have to comply with the requirements such as 8.1.1
(assign unique ID to each user) and 8.5 (do not use generic or shared
IDs).

I would like to move this user under service accounts (it may still be
used by chef/puppet to run the recipes etc), but I don't see how it is
even possible.

I tried recreating this user under cn=sysaccounts,cn=etc and removing
the following object classes, but this breaks everything.
objectClass: top
objectClass: person
objectClass: posixaccount
objectClass: ipaobject
objectClass: ipasshuser
objectClass: ipaSshGroupOfPubKeys

How can I pull this off? Did anybody pass a PCI DSS audit (for real, I'm
not talking about sloppy QSAs) using FreeIPA as an IdM solution?

Best regards,
Marat



