Re: [Freeipa-users] webmaster permission
On Fri, Jul 01, 2016 at 01:35:41PM +0200, Günther J. Niederwimmer wrote: > > CentOS 7.2 IPA 4.3.1 > 1 Server (extern) with Virtual Systems (KVM) installed. > DNSserver, Mailserver, Ipaserver,Webserver.. Is the IPA server running in a VM or on the host? > Now we like to have our Websystem on this Server This server meaning yet another VM, or directly on the host? > What is the best way to allow a external Webmaster to create or modify the > websites with joomla, and have the secure from IPA. Could you be more specific about the have the secure from IPA requirement? -- Jan Pazdziora Senior Principal Software Engineer, Identity Management Engineering, Red Hat -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] webmaster permission
Hello, Am Freitag, 1. Juli 2016, 13:43:35 CEST schrieb Petr Spacek: > On 1.7.2016 13:35, Günther J. Niederwimmer wrote: > > Hello, > > > > I am a newbie with IPA and have big Problems ;-), > > the "normal" Installation is working nice. :-)) > > > > But now I have a Problem ? > > > > CentOS 7.2 IPA 4.3.1 > > 1 Server (extern) with Virtual Systems (KVM) installed. > > DNSserver, Mailserver, Ipaserver,Webserver.. > > > > Now we like to have our Websystem on this Server > > > > What is the best way to allow a external Webmaster to create or modify the > > websites with joomla, and have the secure from IPA. > > > > Have any a hint or link for this Problem. > > Hi, > > it is strongly recommended to keep FreeIPA on a separate machine / VM and do > not mix it with anything else. FreeIPA should be considered as security > centre of your network and having additional applications under the same > operating system instance is potentially opening doors to attackers. > > My recommendation is to install a seperate VM for FreeIPA and another > separate VM for other applications. hello Petr, thanks for the answer, the install Structure is a VM with FreeIPA and enrolled clients for (VM) mailserver, httpserver, host, So my Problem is, the Webmaster permission, give only the Webserver and Joomla Thanks, -- mit freundlichen Grüßen / best regards, Günther J. Niederwimmer -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] webmaster permission
On 1.7.2016 13:35, Günther J. Niederwimmer wrote: > Hello, > > I am a newbie with IPA and have big Problems ;-), > the "normal" Installation is working nice. :-)) > > But now I have a Problem ? > > CentOS 7.2 IPA 4.3.1 > 1 Server (extern) with Virtual Systems (KVM) installed. > DNSserver, Mailserver, Ipaserver,Webserver.. > > Now we like to have our Websystem on this Server > > What is the best way to allow a external Webmaster to create or modify the > websites with joomla, and have the secure from IPA. > > Have any a hint or link for this Problem. Hi, it is strongly recommended to keep FreeIPA on a separate machine / VM and do not mix it with anything else. FreeIPA should be considered as security centre of your network and having additional applications under the same operating system instance is potentially opening doors to attackers. My recommendation is to install a seperate VM for FreeIPA and another separate VM for other applications. -- Petr^2 Spacek -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
[Freeipa-users] webmaster permission
Hello, I am a newbie with IPA and have big Problems ;-), the "normal" Installation is working nice. :-)) But now I have a Problem ? CentOS 7.2 IPA 4.3.1 1 Server (extern) with Virtual Systems (KVM) installed. DNSserver, Mailserver, Ipaserver,Webserver.. Now we like to have our Websystem on this Server What is the best way to allow a external Webmaster to create or modify the websites with joomla, and have the secure from IPA. Have any a hint or link for this Problem. Thanks for a answer, -- mit freundlichen Grüßen / best regards, Günther J. Niederwimmer -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project