Hi!

My FreeIPA deployment is part of a PCI cardholder data environment.

Hence, I have to comply with the requirements such as 8.1.1
(assign unique ID to each user) and 8.5 (do not use generic or shared
IDs).

I would like to move this user under service accounts (it may still be
used by chef/puppet to run the recipes etc), but I don't see how it is
even possible.

I tried recreating this user under cn=sysaccounts,cn=etc and removing
the following object classes, but this breaks everything.
objectClass: top
objectClass: person
objectClass: posixaccount
objectClass: ipaobject
objectClass: ipasshuser
objectClass: ipaSshGroupOfPubKeys

How can I pull this off? Did anybody pass a PCI DSS audit (for real, I'm
not talking about sloppy QSAs) using FreeIPA as an IdM solution?

Best regards,
Marat

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project