Yes. The idea behind this split is that whoever is able to create hosts holds
greater powers over the DNS of your environment. When a host is created it is added
to a DNS zone; this privilege could be used to disrupt your operations.
Enrolling the host is only setting the data on an existing object in LDAP.
----- Ronald Wimmer via FreeIPA-users <email@example.com>
> On 2017-06-04 17:41, Striker Leggette wrote:
> > If you meant what privileges on the IPA server a user enrolling new
> > hosts needs to have, I believe it is Host Enrollment and Host
> > Administrators. Enrollment gives access to enroll hosts, but to create
> > the host object, you need to be in Host Administrators.
> Perfect. Thanks a lot. This was the information I was looking for.
> "Host Enrollment" only makes sense if the host object already exists?
> FreeIPA-users mailing list -- firstname.lastname@example.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
/ Alexander Bokovoy