William wrote:
> On Tue, 2014-08-12 at 13:51 -0400, Rob Crittenden wrote:
>> William wrote:
>>> Hi,
>>>
>>> I am trying to allow a radius service account the ability to read
>>> ipaNTHash. I carried out the following steps:
>>>
> 
>>
>> You can't delegate permissions to a service. See
>> https://fedorahosted.org/freeipa/ticket/3644
>>
>> rob
> 
> 
> For now, should I just add the service DN as a member of the role to
> enable this? 
> 

Theoretically if you add the service as a member in the role using
ldapmodify then yes, it should work functionally. What the IPA framework
would do with this is another matter. Worst case it would blow up
whenever trying to retrieve this role/privilege/permission/service (or a
combination).

rob

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to