On 11/18/2015 08:23 AM, Rob Verduijn wrote:
> Hello all,
> I've read a lot regarding service accounts on this mailinglist in the past.
> But it's rather unclear to me what is the current preffered method to
> create a service account for a service running on a different machine.
> In this case it would be a service account for ovirt so that freeipa
> users can authenticate in the ovirt portal using their freeipa
It sounds like that you do not want system user account, but you are OK with
service account so that you can get a keytab for your oVirt instance. In that
$ ipa service-add HTTP/frontend.ovirt.test
$ ipa-getkeytab ...
should be enough, right?
Maybe I just do not understand the use case.
> I could ofcourse create an account and then apply a ldf to set its
> password expiration to the next millennium to make sure the password
> does not expire.
> Anybody who has a good suggestion on how to deal with this ?
> Rob Verduijn
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project