I would like to be able to use the ipa command line interface, which generally requires a Kerberos ticket. For example to add a user to a group - I want to allow root to do anything the admin user can do. Perhaps I’m overlooking something but simply using “su admin” won’t work because it doesn’t kinit ticket.
> On Jul 27, 2018, at 3:23 PM, Alexander Bokovoy <aboko...@redhat.com> wrote: > >> On pe, 27 heinä 2018, Ryan Slominski via FreeIPA-users wrote: >> Hi Alexander, >> I'm actually looking for a way to execute a command as local root >> without being prompted for a password. My understanding is adding >> an account for root to IPA is not a good idea as it would then be a >> domain account. I don't see how I can add root to "admins" group >> then. Also, I don't see how to add a service principal to a user >> group. What are my options? > Can you show examples of what you'd like to achieve. "Execute a command > as local root" sounds unrelated to IPA commands. > > Can you demonstrate what you'd like to achieve without IPA in use? > Do you simply want 'sudo /some/path/to/command' without password asked? > > -- > / Alexander Bokovoy > Sr. Principal Software Engineer > Security / Identity Management Engineering > Red Hat Limited, Finland _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/AJNYJFBC7VJ5LFDZGCI774VDXPVWPYFQ/
