Hi,

> On 20 Apr 2022, at 09:44, Jonathan Vaughn via FreeIPA-users <[email protected]> wrote:
>
> We have some systems which are FreeIPA connected, but (most) users don't log
> in as themselves, there's a local system account they use instead (simplifies
> file ownership for website changes and such, for example).
>
> Is there a way to have their public keys automatically accepted for this
> local user, via SSSD/FreeIPA, like it is if they log in as themselves? We
> could just use a cron job to regenerate the authorized_keys from the keys in
> LDAP, but if we can do it magically through an RBAC thing or something, that
> would be ideal.

The best solution is to let them log in with their personal accounts and then set up sudo rules to let them impersonate the service accounts. That way you also keep proper audit logs on who impersonated which account when.

Cheers,
Sander
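
The audit trail mentioned in the reply above, as an added example that is not part of the original message: a small parser that answers "who ran what as the shared account, and when" from sudo's log lines. It assumes sudo's default syslog line format; the account name `webadmin`, the user names and the log lines are constructed for illustration.

```python
import re

# Constructed sample lines in sudo's default syslog format (not real logs).
# "webadmin" is a hypothetical shared local account; users are hypothetical.
SAMPLE_LOG = """\
Apr 20 10:02:11 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=webadmin ; COMMAND=/bin/bash
Apr 20 10:02:12 web01 sudo: pam_unix(sudo:session): session opened for user webadmin(uid=990) by alice(uid=1201)
Apr 20 11:15:40 web01 sudo:      bob : TTY=pts/1 ; PWD=/var/www ; USER=webadmin ; COMMAND=/usr/bin/rsync -a build/ /var/www/site/
Apr 20 11:20:03 web01 sudo:    carol : user NOT in sudoers ; TTY=pts/2 ; PWD=/home/carol ; USER=webadmin ; COMMAND=/bin/bash
Apr 20 12:00:00 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl reload httpd
"""

# "<timestamp> <host> sudo: <invoking user> : <key=value fields>"
LINE_RE = re.compile(
    r"^(?P<when>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) sudo(?:\[\d+\])?:\s+"
    r"(?P<who>\S+) : (?P<fields>.*)$"
)


def parse_sudo_line(line):
    """Return one sudo event as a dict, or None for non-command lines."""
    m = LINE_RE.match(line)
    if not m:
        return None  # e.g. PAM session lines logged under the sudo tag
    # COMMAND is the last field and may itself contain ';', so split it off first.
    head, _, command = m["fields"].partition("COMMAND=")
    parts = [p.strip() for p in head.split(";") if p.strip()]
    kv = dict(p.split("=", 1) for p in parts if "=" in p)
    if "USER" not in kv:
        return None
    # Denied attempts carry a reason such as "user NOT in sudoers" before TTY=.
    reasons = [p for p in parts if "=" not in p]
    return {"when": m["when"], "host": m["host"], "who": m["who"],
            "runas": kv["USER"], "command": command, "allowed": not reasons}


def impersonations(log_text, account):
    """List every attempt, allowed or denied, to run something as `account`."""
    events = (parse_sudo_line(line) for line in log_text.splitlines())
    return [e for e in events if e and e["runas"] == account]


if __name__ == "__main__":
    for e in impersonations(SAMPLE_LOG, "webadmin"):
        status = "ok" if e["allowed"] else "DENIED"
        print(f'{e["when"]} {e["host"]} {e["who"]} -> {e["runas"]} [{status}] {e["command"]}')
```

With key-based logins straight into the shared account, sshd would record only the target account and a key fingerprint, so this per-person attribution would have to be reconstructed from the keys.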
