We have an absurdly complex multi-domain/multi-child AD forest tied together on AWS via FreeIPA.
I'm spending a lot of time debugging login issues and the "ipa hbactest" command is fantastic at "proving" out if something should or should not work.
I currently "kinit admin" before running these commands but would like to be able to pass this 'power' on to other people, including project managers and other folks that I would not trust with direct IPA privileges that would let them accidentally do dangerous things :)
Has anyone set up an IPA user with read-only access or otherwise set up a locked down role so that a user can only run "ipa hbactest ..." type commands? Looking for sensible tips and guidance on spreading some IPA powers around to people that I would not normally want having higher level privileges.
Thanks! Chris