Hi Alexander,

I did some experimenting with the example at
am now able to create a user using the following as input to curl (-d
@user_add.json) :


I'm left with two questions :
- Is it possible to use a hashed password (as stored in the 'meta-IM') as a
value for userpassword? And if so, will this propagate to the created
Kerberos principal?
- After creation, I'm forced to change the password when running `kinit
test`. Is it possible to reset prevent the forced password change? As a
test, I tried to set the '-needchange' attribute using kadmin but that
returned "... Insufficient access while modifying..."

I grepped the mailing list archives / API.txt / source code / etc. for
clues but without success...


On Tue, Jun 5, 2012 at 12:51 PM, Alexander Bokovoy <aboko...@redhat.com>wrote:

> On Tue, 05 Jun 2012, Willem Bos wrote:
>> Hi Alexander,
>> Thanks for your quick response.
>> Yes, the server on which the external IM environment is hosted does not
>> have the ipa utils available. As a matter of fact, the server might even
>> be
>> hosted off-site. We're just beginning to explore IM solutions for our
>> environment and the most likely architecture is a 'meta-IM' service that
>> provisions platform specific IM's like AD, Oracle's Internet Directory and
>> IPA. It will probably be a requirement that the meta-IM is to provision
>> IPA
>> directly (instead of Meta-IM -> AD -> IPA).
>> The JASON interface looks promising, I will certainly try the example
>> provided. Would user_add be the suitable command to use? It's the obvious
>> candidate, but I just want to make sure...
> Yes, user_add is the command.
> --
> / Alexander Bokovoy
Freeipa-users mailing list

Reply via email to