[Freeipa-users] Non-human users

Orion Poplawski orion at cora.nwra.com
Fri Feb 15 17:32:24 UTC 2013


On 02/15/2013 09:45 AM, Petr Viktorin wrote:
> On 02/15/2013 05:36 PM, Orion Poplawski wrote:
>> Is there a recommended way to distinguish between "real" human user
>> accounts in IPA and non-human "system" accounts in IPA?
>>
>
> What kind of system accounts do you have in IPA? Consider not storing them in
> IPA at all.
>

Yeah, that seems like the better idea, but:

I think the main issue we've run into is needing the apache user to be a 
member of groups in LDAP, and that not working unless the apache user was in 
LDAP as well.

Another example is a backup user account that backup software logs in as.

Also, there are some accounts that own files and that some services run as, 
which are needed on multiple machines.  I suppose we could use Puppet to 
manage those, but LDAP seems more convenient.

-- 
Orion Poplawski
Technical Manager                     303-415-9701 x222
NWRA, Boulder Office                  FAX: 303-415-9702
3380 Mitchell Lane                       orion at nwra.com
Boulder, CO 80301                   http://www.nwra.com
