On Thu, Jan 24, 2013 at 10:51 PM, KodaK <sako...@gmail.com> wrote:
> I have a need to have certain mission critical application accounts
> non-expiring (people don't log in directly, but if the accounts expire
> it could stop production jobs.)

Without knowing anything about this particular case, could you not use
a service account autheticated with a keytab? I have succesfully used
this for authenticating webapps to postgresql, you just need to
schedule a renewal of the ticket in cron and use the $KRB5CCNAME
environment variable to point to the right place. It was surprisingly
easy and works very well.

--
groet,
natxo

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to