On Аўт, 22 кас 2024, Ales Rozmarin via FreeIPA-users wrote:
Hi Rob,
Any update on this. I just tested latest FreeIPA, version: 4.11.0 on RockyLinux 9.4 and I can't disable or remove admin user. I can remove it form admins and trust admins group. But I would prefer if I could move him to persevered users.
Deleting or moving admin user or admins group is not supported. See warnings in the following sections:
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html-sin...
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html-sin...
We are working on enabling FreeIPA deployments where an admin user can have no passwords at all, using only passwordless authentication methods. This is not complete yet.
However, even when that work is completed, removing/moving admin user and group will not be supported.