Ryan Slominski via FreeIPA-users wrote:
I would like to be able to use the ipa command line interface, which
generally requires a Kerberos ticket. For example to add a user to a group - I want to
allow root to do anything the admin user can do. Perhaps I’m overlooking something but
simply using “su admin” won’t work because it doesn’t kinit ticket.
You can create a user, add it to the admins group then use ipa-getkeytab
to get a keytab for that user.
# kinit -kt /path/to/keytab username
profit
rob
> On Jul 27, 2018, at 3:23 PM, Alexander Bokovoy <abokovoy(a)redhat.com> wrote:
>
>> On pe, 27 heinä 2018, Ryan Slominski via FreeIPA-users wrote:
>> Hi Alexander,
>> I'm actually looking for a way to execute a command as local root
>> without being prompted for a password. My understanding is adding
>> an account for root to IPA is not a good idea as it would then be a
>> domain account. I don't see how I can add root to "admins" group
>> then. Also, I don't see how to add a service principal to a user
>> group. What are my options?
> Can you show examples of what you'd like to achieve. "Execute a command
> as local root" sounds unrelated to IPA commands.
>
> Can you demonstrate what you'd like to achieve without IPA in use?
> Do you simply want 'sudo /some/path/to/command' without password asked?
>
> --
> / Alexander Bokovoy
> Sr. Principal Software Engineer
> Security / Identity Management Engineering
> Red Hat Limited, Finland
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://getfedora.org/code-of-conduct.html
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorah...