Does IPA support the use of additional ACL's in kadm5.acl to allow custom tools to add Kerberos Principals

Solution Unverified - Updated -

Issue

  • adding principals using the gui works file.
  • ipa server-add works too
  • What happens to block me are most likely the kdc acl's
  • The tool im using to add principals (Hortonworks Ambari) is using direct kadmin commands.
  • We can probably fix this by extending the kadm5.acl file.
  • However before doing this we would like to verify if this is a supported way to add stuff to IPA.
  • And if not, what is the recommended way to deal with tooling that wants or needs to add principals and uses a generic way (kadmin commands) of doing so

Environment

  • Red Hat Enterprise Linux (RHEL) 7
  • IPA

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content