On 02/15/2013 09:45 AM, Petr Viktorin wrote:
On 02/15/2013 05:36 PM, Orion Poplawski wrote:
Is there a recommended way to distinguish between "real" human user
accounts in IPA and non-human "system" accounts in IPA?
What kind of system accounts do you have in IPA? Consider not storing them in
IPA at all.
Yeah, that seems like the better idea, but:
I think the main issue we've run into is needing the apache user to be a
member of groups in ldap, and that not working unless the apache user was in
ldap as well.
Another example is a backup user account that backup software logs in as.
Also some accounts that own files and some services run as that are needed on
multiple machines. I suppose we could use puppet to manage those, but ldap
seems more convenient.
--
Orion Poplawski
Technical Manager 303-415-9701 x222
NWRA, Boulder Office FAX: 303-415-9702
3380 Mitchell Lane or...@nwra.com
Boulder, CO 80301 http://www.nwra.com
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users