Actually this for me anyway is exactly what IPA should be for... it's security,
it's centrally managed and it saves workload.
Doing this across 200+ servers needs to be centralised or IPA becomes
pointless, very limited, i.e. one point password, add and remove users (oh big
deal, I can use salt to do that in effect). As I'd have to do IPA stuff and then
local... it saves me little if anything in work / automation.
Now if it doesn't do this, well OK, but half my problem is determining what IPA
can and can't do; the devil is in the detail, as they say.
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
You can lock that down in the sudoers config and you can lock the su
permissions to the wheel group via the local configuration files in
/etc/security or via the pam module. Either way you need to add in
configuration file management, which is not what FreeIPA is for.
Freeipa-users mailing list