Ryan Slominski via FreeIPA-users wrote:
> I would like to be able to use the ipa command line interface, which 
> generally requires a Kerberos ticket.  For example to add a user to a group - 
> I want to allow root to do anything the admin user can do.  Perhaps I’m 
> overlooking something but simply using “su admin” won’t work because it 
> doesn’t kinit ticket.

You can create a user, add it to the admins group then use ipa-getkeytab
to get a keytab for that user.

# kinit -kt /path/to/keytab username

profit

rob
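
The steps from the reply above as a root-run wrapper, added here as an example that is not part of the original thread. The account name `ipa-automation` and the keytab path are assumptions. The wrapper refuses a keytab that is readable by other accounts, because the file alone is enough to act as a member of admins.

```shell
# Added example; the account name and keytab path are assumptions.
# One-time setup by an existing IPA admin (ipa-getkeytab generates a new key,
# so any password previously set for this user stops working):
#   ipa user-add ipa-automation --first=IPA --last=Automation
#   ipa group-add-member admins --users=ipa-automation
#   ipa-getkeytab -p ipa-automation -k /etc/ipa-automation.keytab
#   chown root:root /etc/ipa-automation.keytab
#   chmod 600 /etc/ipa-automation.keytab

KEYTAB="${KEYTAB:-/etc/ipa-automation.keytab}"   # hypothetical path
PRINCIPAL="${PRINCIPAL:-ipa-automation}"          # hypothetical user

# Succeeds only if the keytab is a regular file (not a symlink), owned by
# the calling user, with mode 600 or 400.
keytab_is_safe() {
    local kt mode owner
    kt="$1"
    [ -f "$kt" ] && [ ! -L "$kt" ] || return 1
    mode=$(stat -c '%a' "$kt") || return 1
    owner=$(stat -c '%u' "$kt") || return 1
    [ "$owner" = "$(id -u)" ] || return 1
    case "$mode" in
        600|400) return 0 ;;
        *) return 1 ;;
    esac
}

# Runs "ipa <args>" with a ticket held in a private, throwaway credential
# cache, so the caller's own cache is never touched and nothing is left behind.
run_ipa_as() {
    local cc rc
    keytab_is_safe "$KEYTAB" || { echo "refusing unsafe keytab: $KEYTAB" >&2; return 2; }
    cc=$(mktemp /tmp/krb5cc_ipa_XXXXXX) || return 1
    (
        export KRB5CCNAME="FILE:$cc"
        kinit -kt "$KEYTAB" "$PRINCIPAL" && ipa "$@"
    )
    rc=$?
    kdestroy -q -c "FILE:$cc" 2>/dev/null
    rm -f "$cc"
    return $rc
}

# When the script is given arguments, pass them to ipa.
if [ "$#" -gt 0 ]; then
    run_ipa_as "$@"
fi
```
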
> 
>> On Jul 27, 2018, at 3:23 PM, Alexander Bokovoy <aboko...@redhat.com> wrote:
>>
>>> On Fri, 27 Jul 2018, Ryan Slominski via FreeIPA-users wrote:
>>> Hi Alexander,
>>>  I'm actually looking for a way to execute a command as local root
>>>  without being prompted for a password.  My understanding is adding
>>>  an account for root to IPA is not a good idea as it would then be a
>>>  domain account.  I don't see how I can add root to "admins" group
>>>  then.  Also, I don't see how to add a service principal to a user
>>>  group.  What are my options?
>> Can you show examples of what you'd like to achieve. "Execute a command
>> as local root" sounds unrelated to IPA commands.
>>
>> Can you demonstrate what you'd like to achieve without IPA in use?
>> Do you simply want 'sudo /some/path/to/command' without password asked?
>>
>> -- 
>> / Alexander Bokovoy
>> Sr. Principal Software Engineer
>> Security / Identity Management Engineering
>> Red Hat Limited, Finland
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/AJNYJFBC7VJ5LFDZGCI774VDXPVWPYFQ/
> 