[Freeipa-users] Read-only permission with no authentication

[Stephen Berg (Contractor)]

I'm trying to set up an account that will only have read permissions to 
FreeIPA's user and host info to get some automated documentation tasks 
running.  Basically I want to set up a cron job on a FreeIPA server that 
will read info using the ipa command line tools like "ipa user-find", 
"ipa user-show --all" and some of the host commands.  After it reads 
that info I can handle it in perl to maintain some documentation 
requirements.  But I don't want to be forced into saving a password 
anywhere along the way if I can avoid it.


Is there a way to set an account so it will be able to run those ipa 
commands in a read-only state but not have any authentication requirement?



--
Stephen Berg
Systems Administrator
NRL Code: 7320
Office: 228-688-5738
stephen.berg@nrlssc.navy.mil

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

[Freeipa-users] Getting client status

[Stephen Berg (Contractor)]

I'm looking for a command line method to get current status on a client 
without having a ticket or authenticating to the IPA domain.


Back in the NIS days from a client you could run "ypwhich" and be able 
to know if that system were bound to the NIS and which server it had 
bound to.  So far I can't find a way to do a similar function in FreeIPA.


I'd to do this from a cron job on each client once a day.

We're running a mix of SciLinux 6.7 and 7.2.  The servers are all on 7.2 
running ipa VERSION: 4.2.0, API_VERSION: 2.156.


--
Stephen Berg
Systems Administrator
NRL Code: 7320
Office: 228-688-5738
stephen.berg@nrlssc.navy.mil

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project