On Аўт, 22 кас 2024, Ales Rozmarin via FreeIPA-users wrote:
Hi Rob,
Any update on this. I just tested latest FreeIPA, version: 4.11.0 on
RockyLinux 9.4 and I can't disable or remove admin user. I can remove
it form admins and trust admins group. But I would prefer if I could
move him to persevered users.
Deleting or moving admin user or admins group is not supported. See
warnings in the following sections:
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html-single/managing_idm_users_groups_hosts_and_access_control_rules/index#user-life-cycle_managing-idm-users-using-the-command-line
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html-single/managing_idm_users_groups_hosts_and_access_control_rules/index#the-different-group-types-in-idm_managing-user-groups-in-idm-cli
We are working on enabling FreeIPA deployments where an admin user can have
no passwords at all, using only passwordless authentication methods.
This is not complete yet.
However, even when that work is completed, removing/moving admin user
and group will not be supported.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
--
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
