In MIT land, one can potentially have multiple instances tied (by convention) 
to a given user (that is, that administratively one knows are the same set of 
eyeballs).  For example, I might have my normal user (hile), and I might have 
another distinct MIT principal hile/admin used when I’m doing administrative 
work in the kerb database, or potentially yet another hile/vpn for remote 
access.  Only the first of these is a ‘real’ user that needs to have a uid, 
gid, home directory, and shell; the others are just Kerberos principals that 
might have differing password policies applied to them.  In FreeIPA, it appears 
all kerberos principals are tied to a user (or to a host in the case of host/ 
or another service definition). Is it possible to define a non-posix user?  
There is no good reason for hile/admin@MY.REALM to have a uidNumber or 
gidNumber; one should never login directly using that principal.


 
--
Coy Hile
coy.h...@coyhile.com


-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to