On Thu, Jan 24, 2013 at 10:51 PM, KodaK <sako...@gmail.com> wrote:
> I have a need to have certain mission critical application accounts
> non-expiring (people don't log in directly, but if the accounts expire
> it could stop production jobs.)

Without knowing anything about this particular case, could you not use
a service account autheticated with a keytab? I have succesfully used
this for authenticating webapps to postgresql, you just need to
schedule a renewal of the ticket in cron and use the $KRB5CCNAME
environment variable to point to the right place. It was surprisingly
easy and works very well.


Freeipa-users mailing list

Reply via email to