[Freeipa-users] Re: user/admin

On ma, 19 helmi 2018, Charles Hedrick wrote: From the point of view of managing users, it would be nice to be able to add it as a secondary principal for the user. It’s not important enough for a major implementation effort. We already support adding principal aliases: kinit admin ipa

[Freeipa-users] Re: user/admin

From the point of view of managing users, it would be nice to be able to add it as a secondary principal for the user. It’s not important enough for a major implementation effort. > On Feb 19, 2018, at 4:11 PM, Charles Hedrick via FreeIPA-users > wrote: >

[Freeipa-users] Re: user/admin

Several staff and I have separate principals that we use for privileged operations. Rather than completely separate users I would prefer things like hedrick/admin, where it’s immediately obvious that they’re connected. In general I don’t see why IPA should prevent me from using perfectly legal

[Freeipa-users] Re: user/admin

I have two identifies, one a normal user and one with privileges in IPA. The normal Kerberos convention is for them to be hedrick and hedrick/admin. > On Feb 13, 2018, at 5:03 PM, Rob Crittenden wrote: > > Charles Hedrick via FreeIPA-users wrote: >> There’s a convention of

[Freeipa-users] Re: user/admin

Charles Hedrick via FreeIPA-users wrote: > There’s a convention of creating admin instances for users, usually named > user/admin. IPA doesn’t seem to allow such instances. Is there a way to make > them work? > > As far as I can tell the instance can only be a hostname. That doesn’t seem >

[Freeipa-users] Re: user/admin

I can actually create a principal foo/admin by creating a user foo-admin and change the principal. But kinit can’t use it, so it’s not terribly useful. > On Feb 13, 2018, at 4:52 PM, Charles Hedrick wrote: > > There’s a convention of creating admin instances for users,