Actually this for me anyway is exactly what IPA should be for....its security,  
its centrally managed and it saves workload.

Doing this across 200+ servers needs to be centralised or IPA becomes 
pointless, very limited ie one point password, add and remove users (oh big 
deal I can use salt to do that in effect). As I'd have to do IPA stuff and then 
local....its saves me little if anything in work / automation.

Now if it doesn't do this well OK, but half my problem is determining what IPA 
can and cant do, the devil is in the detail as they say.


Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272


You can lock that down in the sudoers config and you can lock the su 
permissions to the wheel group via the local configuration files in 
/etc/security or via the pam module. either way you need to add in 
configuration file managment, which is not what freeipa is for.

Freeipa-users mailing list

Reply via email to