I would like to be able to use the ipa command line interface, which generally requires a
Kerberos ticket. For example to add a user to a group - I want to allow root to do
anything the admin user can do. Perhaps I’m overlooking something but simply using “su
admin” won’t work because it doesn’t kinit ticket.
On Jul 27, 2018, at 3:23 PM, Alexander Bokovoy
<abokovoy(a)redhat.com> wrote:
> On pe, 27 heinä 2018, Ryan Slominski via FreeIPA-users wrote:
> Hi Alexander,
> I'm actually looking for a way to execute a command as local root
> without being prompted for a password. My understanding is adding
> an account for root to IPA is not a good idea as it would then be a
> domain account. I don't see how I can add root to "admins" group
> then. Also, I don't see how to add a service principal to a user
> group. What are my options?
Can you show examples of what you'd like to achieve. "Execute a command
as local root" sounds unrelated to IPA commands.
Can you demonstrate what you'd like to achieve without IPA in use?
Do you simply want 'sudo /some/path/to/command' without password asked?
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland