On 02/17/2013 02:37 PM, Simo Sorce wrote: > On Sat, 2013-02-16 at 13:31 +0000, Charlie Derwent wrote: >> >> Bit late to the conversation here, but if you want another example of >> a >> quasi-system account within IPA, there is the need for a user to >> handle >> automated enrollment/re-enrollment of servers. >> >> Charlie >> > For this we should be able to use a service principal, not a full > account. Unless for some reason you need this principal to show up as a > user in the system (full posixAccount). > > Simo. > I do not think we have any permission setup in IPA for a service account to perform any modification operations. It can be host account though and we have permission mechanisms built into IdM to allow a host (provisioning system or hypervisor) manage other hosts and services running on them. It should be in the docs.
-- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users