[katello-devel] Superadmin user

Todd B Sanders tsanders at redhat.com
Thu May 26 12:01:25 UTC 2011


On 05/26/2011 07:31 AM, Ohad Levy wrote:
> On Thu, 2011-05-26 at 07:05 -0400, Todd B Sanders wrote:
>> This approach is similar to what's in current satellite, using PAM for
>> external authentication.  But honestly, we get push back from customers
>> having to manage users in multiple places.  I'd prefer an approach where
>> accounts are either internal or external, not both.
>>
> The main reasons I've added internal user data were:
>
> 1. additional properties (timezone, permissions etc)
> 2. nested usergroup (something that ldap can't do at the moment)
> 3. community asked for a simple built in account management (not always
> ldap/AD).
>
> To ensure synchronization between accounts, every time a user logs in,
> we take the values from ldap/AD and refresh the local db (i.e. if the
> email address was changed).
>
> When deleting an account, who owns the machines then? In foreman, you
> can't delete an account who owns hosts (direct ownership)...
> but in any case, the account can't be used if the user can't
> authenticate.
>
> Ohad
>
>
Makes sense.  I didn't catch the sync process in the original thread.
As long as we are handling the burden of having to maintain similar
information, and allowing management in one place... this will
alleviate my concerns.

-Todd



