On Аўт, 22 кас 2024, Alexander Bokovoy via FreeIPA-users wrote:
On Аўт, 22 кас 2024, Alexander Bokovoy via FreeIPA-users wrote:
On Аўт, 22 кас 2024, Ales Rozmarin via FreeIPA-users wrote:
Hi Rob,
Any update on this. I just tested latest FreeIPA, version: 4.11.0 on RockyLinux 9.4 and I can't disable or remove admin user. I can remove it form admins and trust admins group. But I would prefer if I could move him to persevered users.
Deleting or moving admin user or admins group is not supported. See warnings in the following sections:
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html-sin...
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html-sin...
We are working on enabling FreeIPA deployments where an admin user can have no passwords at all, using only passwordless authentication methods. This is not complete yet.
However, even when that work is completed, removing/moving admin user and group will not be supported.
Forgot to add: I'll look into the 'disable' ticket soon.
Judging by https://issues.redhat.com/browse/RHEL-34757, referenced in the upstream ticket, it is going to be in RHEL 9.5, in 4.12.0-1.el9 or later.
As RHEL 9.5 is not yet released, CentOS 9 Stream can be used to judge the fix availability: 4.12.2-1.el9 is there: https://mirror.stream.centos.org/9-stream/AppStream/source/tree/Packages/ipa...