Shan Kumaraswamy wrote:
> Simo,
> Thanks for your mail, we already installed and configured freeIPA in
> please, but my admin group asking one AD user will have complete root
> priviliage and log in to entire RHEL infrastrcuture, and RHEL servers
> local root will be disabled. So only one user will be login and do any
> changes, rest of the local system users will be disabled.
>  
This centrally managed IPA user should be given privileges via sudo as
Simo pointed out.
Then local users can be disabled (or better use long and strong
passwords just in case you need to do some recovery work at the console).
If you are concerned about the case when the client can get offline then
consider using SSSD on the client.

Thanks
Dmitri
> Regards,
> Shan Kumaraswamy
>
> On Mon, Jan 11, 2010 at 4:49 PM, Simo Sorce <sso...@redhat.com
> <mailto:sso...@redhat.com>> wrote:
>
>     On Mon, 11 Jan 2010 10:58:17 +0300
>     Shan Kumaraswamy <shan.sys...@gmail.com
>     <mailto:shan.sys...@gmail.com>> wrote:
>
>     > Dear All,
>     >
>     > Can any of one could provide me the detail steps of how the AD
>     > accounts would be granted root privileges on RHEL servers using IPA?
>     >
>     > Thanks in Advance.
>     >
>     > Regards,
>     >
>     > Shan Kumaraswamy
>
>     The best way is to provide sudo access for the users you want to grant
>     root privs to.
>
>     Simo.
>
>     --
>     Simo Sorce * Red Hat, Inc * New York
>
>     _______________________________________________
>     Freeipa-users mailing list
>     Freeipa-users@redhat.com <mailto:Freeipa-users@redhat.com>
>     https://www.redhat.com/mailman/listinfo/freeipa-users
>
>
>
>
> -- 
> Thanks & Regards
> Shan Kumaraswamy
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users


-- 
Thank you,
Dmitri Pal

Engineering Manager IPA project,
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to