On 11/18/2015 08:23 AM, Rob Verduijn wrote: > Hello all, > > I've read a lot regarding service accounts on this mailinglist in the past. > But it's rather unclear to me what is the current preffered method to > create a service account for a service running on a different machine. > > In this case it would be a service account for ovirt so that freeipa > users can authenticate in the ovirt portal using their freeipa > credentials.
It sounds like that you do not want system user account, but you are OK with service account so that you can get a keytab for your oVirt instance. In that case, simple $ ipa service-add HTTP/frontend.ovirt.test and $ ipa-getkeytab ... should be enough, right? Maybe I just do not understand the use case. > I could ofcourse create an account and then apply a ldf to set its > password expiration to the next millennium to make sure the password > does not expire. > > Anybody who has a good suggestion on how to deal with this ? > > Cheers > Rob Verduijn > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project