[Freeipa-users] Re: disable admin user in FreeIPA 4.10.2

Tue, 22 Oct 2024 00:43:51 -0700 

On Аўт, 22 кас 2024, Alexander Bokovoy via FreeIPA-users wrote:

On Аўт, 22 кас 2024, Alexander Bokovoy via FreeIPA-users wrote:

On Аўт, 22 кас 2024, Ales Rozmarin via FreeIPA-users wrote:

Hi Rob,

Any update on this. I just tested latest FreeIPA, version: 4.11.0 on
RockyLinux 9.4 and I can't disable or remove admin user. I can remove
it form admins and trust admins group. But I would prefer if I could
move him to persevered users.


Deleting or moving admin user or admins group is not supported. See
warnings in the following sections:

https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html-single/managing_idm_users_groups_hosts_and_access_control_rules/index#user-life-cycle_managing-idm-users-using-the-command-line

https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html-single/managing_idm_users_groups_hosts_and_access_control_rules/index#the-different-group-types-in-idm_managing-user-groups-in-idm-cli

We are working on enabling FreeIPA deployments where an admin user can have
no passwords at all, using only passwordless authentication methods.
This is not complete yet.

However, even when that work is completed, removing/moving admin user
and group will not be supported.


Forgot to add: I'll look into the 'disable' ticket soon.


Judging by https://issues.redhat.com/browse/RHEL-34757, referenced in
the upstream ticket, it is going to be in RHEL 9.5, in 4.12.0-1.el9 or
later.

As RHEL 9.5 is not yet released, CentOS 9 Stream can be used to judge
the fix availability: 4.12.2-1.el9 is there:
https://mirror.stream.centos.org/9-stream/AppStream/source/tree/Packages/ipa-4.12.2-1.el9.src.rpm

--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland

--
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Reply via email to