[katello-devel] Superadmin user

Ohad Levy ohadlevy at redhat.com
Thu May 26 11:31:18 UTC 2011


On Thu, 2011-05-26 at 07:05 -0400, Todd B Sanders wrote:
> 
> This approach is similar to what's in current satellite, using PAM for
> external authentication.  But honestly, we get push back from customers
> having to manage users in multiple places.  I'd prefer an approach where
> accounts are either internal or external, not both.
> 

The main reasons I've added internal user data were:

1. additional properties (timezone, permissions etc.)
2. nested usergroup (something that LDAP can't do at the moment)
3. community asked for a simple built-in account management (not always
LDAP/AD).

To ensure synchronization between accounts, every time a user logs in,
we take the values from LDAP/AD and refresh the local db (i.e. if the
email address was changed).

When deleting an account, who owns the machines then? In Foreman, you
can't delete an account that owns hosts (direct ownership)...
But in any case, the account can't be used if the user can't
authenticate.

Ohad
