Thanks! On 5 November 2015 at 16:18, Rob Crittenden <rcrit...@redhat.com> wrote:
> Andrew Holway wrote: > > Some time ago I saw an article on how to set up a user that can only > > enrol clients into freeipa. > > > > Does anyone have information on how to do this because we're currently > > using the admin user and this is a bit scary. > > Create a role for enrolling hosts and add the privilege 'Host > Enrollment' to it. > > Note that 'Host Enrollment' is VERY specific. It only enrolls host. It > will not create host entries. If you want to be able to do that as well > then you'll need the 'Add Hosts' permission. I guess I'd create a new > privilege and add that permission, then add that privilege to the role > you create. > > Some folks add the existing 'Host Administrators' privilege instead but > IMHO that is a bit broad. > > rob >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project