Orion Poplawski wrote:
On 02/15/2013 11:38 AM, John Dennis wrote:
On 02/15/2013 01:35 PM, Rob Crittenden wrote:
John Dennis wrote:
The example cited was the apache user, a system daemon. For system users
bound to system daemons I stand by what I said. If you want to talk
about other system users not bound to a daemon then state that rather
than confusing the issue.


He cited a backup user. That isn't tied to a daemon.

The original message said this:

I think the main issue we've run into is needing the apache user ...

And:


Another example is a backup user account that backup software logs in as.

Also some accounts that own files and some services run as that are
needed on multiple machines.  I suppose we could use puppet to manage
those, but ldap seems more convenient.

In any case, it is probably reasonable to discuss these two cases separately.

As John said, for pure system daemons it is probably best to leave those as local accounts.

For quasi local accounts like mock or backup accounts things get a little fuzzy. I think I would avoid storing the user in /etc/passwd and the group in IPA, if possible. I imagine that sssd would be able to handle the case ok but I don't know that this is something they actively test.

Why do you want/need to distinguish them from "real" people?

rob


