Yes. The idea behind this split is that whoever is able to create hosts holds greater powers over the DNS of your environment. When a host is created it is added to a DNS zone; this privilege could be used to disrupt your operations.
Enrolling the host is only setting the data on an existing object in LDAP.

Ronald Wimmer via FreeIPA-users <firstname.lastname@example.org> wrote:
> On 2017-06-04 17:41, Striker Leggette wrote:
> > If you meant what privileges on the IPA server a user enrolling new
> > hosts needs to have, I believe it is Host Enrollment and Host
> > Administrators. Enrollment gives access to enroll hosts, but to create
> > the host object, you need to be in Host Administrators.
>
> Perfect. Thanks a lot. This was the information I was looking for.
>
> "Host Enrollment" does only make sense if the host object already exists?
> _______________________________________________
> FreeIPA-users mailing list -- email@example.com
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

--
/ Alexander Bokovoy
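The split discussed in this thread, written out as an added example that is not part of the original messages: a role that carries only the "Host Enrollment" privilege, with host creation (the step that touches DNS) left to a Host Administrators member. The role name, user name, host name and the `DRY_RUN` switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: separate "create host object" from "enroll host" in FreeIPA.
# Assumed names (not from the thread): role "Enrollment Operators",
# user "enroller". Set DRY_RUN=1 to print the commands for review
# instead of executing them.

ROLE="Enrollment Operators"
ENROLL_USER="enroller"

run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Run once with an admin ticket: the role gets only the
# "Host Enrollment" privilege, so its members cannot create hosts.
delegate_enrollment() {
    run ipa role-add "$ROLE" --desc "May enroll pre-created hosts only"
    run ipa role-add-privilege "$ROLE" --privileges "Host Enrollment"
    run ipa role-add-member "$ROLE" --users "$ENROLL_USER"
}

# Run as a member of Host Administrators: creates the host object and,
# with --ip-address, its DNS record. $1 = FQDN, $2 = IP address.
precreate_host() {
    run ipa host-add "$1" --ip-address "$2"
}

# Run as root on the new machine: the delegated user only fills in
# data on the host object that already exists in LDAP. $1 = FQDN.
enroll_host() {
    run ipa-client-install --principal "$ENROLL_USER" --hostname "$1"
}
```
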