On 02/17/2013 02:37 PM, Simo Sorce wrote:
> On Sat, 2013-02-16 at 13:31 +0000, Charlie Derwent wrote:
>> Bit late to the conversation here, but if you want another example of
>> quasi-system account within IPA, there is the need for a user to
>> automated enrollment/re-enrollment of servers.
> For this we should be able to use a service principal, not a full
> account. Unless for some reason you need this principal to show up as a
> user in the system (full posixAccount).
I do not think we have any permission setup in IPA for a service account
to perform any modification operations. It can be host account though
and we have permission mechanisms built into IdM to allow a host
(provisioning system or hypervisor) manage other hosts and services
running on them. It should be in the docs.
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
Looking to carve out IT costs?
Freeipa-users mailing list