My FreeIPA deployment is part of a PCI cardholder data environment.

Hence, I have to comply with the requirements such as 8.1.1
(assign unique ID to each user) and 8.5 (do not use generic or shared

I would like to move this user under service accounts (it may still be
used by chef/puppet to run the recipes etc), but I don't see how it is
even possible.

I tried recreating this user under cn=sysaccounts,cn=etc and removing
the following object classes, but this breaks everything.
objectClass: top
objectClass: person
objectClass: posixaccount
objectClass: ipaobject
objectClass: ipasshuser
objectClass: ipaSshGroupOfPubKeys

How can I pull this off? Did anybody pass a PCI DSS audit (for real, I'm
not talking about sloppy QSAs) using FreeIPA as an IdM solution?

Best regards,
