On Thu, 2012-07-19 at 07:36 -0400, Stephen Gallagher wrote:
> On Thu, 2012-07-19 at 00:53 +0000, Steven Jones wrote:
> > Actually its pam....unless IPA is as well.
> > 
> > Which makes sense then to have an application run < 500 so inherently it 
> > cannot be logged into via ssh....
> 
> Well, it's possible to configure your system to allow logging in to
> users below 500, but it's not recommended. The real risk is of having
> system services with an ID that conflicts with a user.

In general we do not recommend to set ids on your own, let ipa choose
IDs unless you have a constraint that prevents you from letting that
happen.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to