On Mon, 2012-03-26 at 23:03 +, Steven Jones wrote:
> Hi,
>
> No I was confused, I thought you meant there were some function that
> the DM held that could be delegated. I expect that the admin user
> will be deleted as that's an attack vector (however obscure/indirect).
If you delete the adm
n Jones
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Setting a new directory manager password
On 03/26/2012 05:36 PM, Steven Jones wrote:
> Hi,
>
> What needs to be delegated?
May be I misread what you trying to accomplish.
Are you talking about DM password or admin account passwo
ington, NZ
>
> 0064 4 463 6272
>
>
> From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on
> behalf of Dmitri Pal [d...@redhat.com]
> Sent: Tuesday, 27 March 2012 10:34 a.m.
> To: freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] Setting
...@redhat.com]
Sent: Tuesday, 27 March 2012 10:34 a.m.
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Setting a new directory manager password
On 03/26/2012 05:28 PM, Steven Jones wrote:
> Hi,
>
> Our policy is to have the security manager hold the top most password of AD.
>
On 03/26/2012 03:28 PM, Steven Jones wrote:
Hi,
Our policy is to have the security manager hold the top most password of AD.
There is a requirement that we do the same thing for IPA if possible/practical.
So, is there any reason apart from resetting the admin password or replication
that I wo
On 03/26/2012 05:28 PM, Steven Jones wrote:
> Hi,
>
> Our policy is to have the security manager hold the top most password of AD.
> There is a requirement that we do the same thing for IPA if
> possible/practical.
>
> So, is there any reason apart from resetting the admin password or
> replicat
Hi,
Our policy is to have the security manager hold the top most password of AD.
There is a requirement that we do the same thing for IPA if possible/practical.
So, is there any reason apart from resetting the admin password or replication
that I would ever need this password in a day to day co