On 11/18/2015 08:23 AM, Rob Verduijn wrote:
> Hello all,
> I've read a lot regarding service accounts on this mailinglist in the past.
> But it's rather unclear to me what is the current preffered method to
> create a service account for a service running on a different machine.
> In this case it would be  a service account for ovirt so that freeipa
> users can authenticate in the ovirt portal using their freeipa
> credentials.

It sounds like that you do not want system user account, but you are OK with
service account so that you can get a keytab for your oVirt instance. In that
case, simple

$ ipa service-add HTTP/frontend.ovirt.test
$ ipa-getkeytab ...
should be enough, right?

Maybe I just do not understand the use case.

> I could ofcourse create an account and then apply a ldf to set its
> password expiration to the next millennium to make sure the password
> does not expire.
> Anybody who has a good suggestion on how to deal with this ?
> Cheers
> Rob Verduijn

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to