On ma, 19 helmi 2018, Charles Hedrick wrote:
From the point of view of managing users, it would be nice to be able
to add it as a secondary principal for the user. It’s not important
enough for a major implementation effort.
We already support adding principal aliases:
kinit admin
ipa
From the point of view of managing users, it would be nice to be able to add it
as a secondary principal for the user. It’s not important enough for a major
implementation effort.
> On Feb 19, 2018, at 4:11 PM, Charles Hedrick via FreeIPA-users
> wrote:
>
Several staff and I have separate principals that we use for privileged
operations. Rather than completely separate users I would prefer things like
hedrick/admin, where it’s immediately obvious that they’re connected. In
general I don’t see why IPA should prevent me from using perfectly legal
I have two identifies, one a normal user and one with privileges in IPA. The
normal Kerberos convention is for them to be hedrick and hedrick/admin.
> On Feb 13, 2018, at 5:03 PM, Rob Crittenden wrote:
>
> Charles Hedrick via FreeIPA-users wrote:
>> There’s a convention of
Charles Hedrick via FreeIPA-users wrote:
> There’s a convention of creating admin instances for users, usually named
> user/admin. IPA doesn’t seem to allow such instances. Is there a way to make
> them work?
>
> As far as I can tell the instance can only be a hostname. That doesn’t seem
>
I can actually create a principal foo/admin by creating a user foo-admin and
change the principal. But kinit can’t use it, so it’s not terribly useful.
> On Feb 13, 2018, at 4:52 PM, Charles Hedrick wrote:
>
> There’s a convention of creating admin instances for users,