-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 05/09/12 13:39, Rob Crittenden wrote: > Dale Macartney wrote: >> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Afternoon all >> >> I have a demo lab set up with RHEV 3.0 and IPA running on RHEL 6.3 ( >> ipa-server-2.2-16) >> >> I have an api script that handles all my deployments and I am trying to >> set up a role account for my script to run within a jenkins environment. >> >> I have created an ldap sysaccount, however that doesn't appear in the >> RHEV users list when I do a search. So its clear its looking for >> specific IPA users. >> >> Is there a way (or on the roadmap), to create service/role accounts in >> IPA where the password doesn't expire? >> >> I'm trying to avoid scenarios like this >> >> https://access.redhat.com/knowledge/solutions/67562 >> >> Any comments / suggestions are welcome >> >> Thanks everyone >> >> Dale >> > > A work-around is to set krbpasswordexpiration of the user somewhere far in the future to prevent expiration. That'll work.. Do I need to do anything fancy though? I tried running the below on a new user called rhev-build but it keeps erroring out. I know I have a current TGT otherwise I wouldn't be able to add the user in the first place. [root@ds01 ~]# ipa user-mod rhev-build --setattr=krbPasswordExpiration=20131231011529Z ipa: ERROR: Insufficient access: Insufficient 'write' privilege to the 'krbPasswordExpiration' attribute of entry 'uid=rhev-build,cn=users,cn=accounts,dc=example,dc=com'. [root@ds01 ~]# > > We have a ticket open on this, https://fedorahosted.org/freeipa/ticket/2111, currently targeted for IPA 3.3. Good to know its on its way. This is a demo lab so setting a long password expiry addresses my needs. > > rob -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iQIcBAEBAgAGBQJQR2UNAAoJEAJsWS61tB+qAkEQAIc5mY45SckcSw97SOCIdbKE TDEX5Fl40EYPX7uqwJRa0VFtQukslpL2U9oQMyYY7uCA8KxNh7RbffgJVZb7H588 qGvrsOcK3zLt6lXkxJdIV/YsupkA23HDJgomZHLchwoBEQmwfioz3dguEdIt+lFt X9x6ZN80PV6K2BrOtKmUAGUB/yjFCZyImIqTUxi/uZU+Pf64KHA0bPcJFbi2+JI7 pZytlxmXKFKjks8650Mb+RJsDw+lb8k7fqV9TnwjmQGOYHjrK89znIwoSosPTzGJ r6oI1PCNKWwWFzC3UeNx6TSBBfNlGRdm6a+EuWzq50LzrhYzp7NWudtX4Hu6C7we bpG/umQaaHTlLzK/MGon0RH8Q20foaJCDALBhQk1S7IFmVgtjWraTaxCwtio1d2v CHPFSpe4v+Gl/JypU42V+2nC5qBLYkeAukEKjhHOVPcbS04lZpy2nfJjWMEOBTXo ow2tUCMkPHojE5qQl1DM7pzb2luW3wARTtBnpMNtHnaLz++VwbH6vW6J6MZCCFnu yBtJ8vuClYobdVzh6NLlQCpCn5zGopkIDFO25VUoPqMgfRH8v9TlkNb1VKOIB/3u 4GaYeNX3k7weG6UFyReKCA2QSOqh8r2RjaW0s9vuPvk0l5yka0jmrojog6bfZDDm 7KJE5xzMlLXdqu+Ivo+D =P57b -----END PGP SIGNATURE-----
0xB5B41FAA.asc
Description: application/pgp-keys
0xB5B41FAA.asc.sig
Description: PGP signature
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
