Does IPA support the use of additional ACL's in kadm5.acl to allow custom tools to add Kerberos Principals

Solution Unverified - Updated -

Issue

  • adding principals using the gui works file.
  • ipa server-add works too
  • What happens to block me are most likely the kdc acl's
  • The tool im using to add principals (Hortonworks Ambari) is using direct kadmin commands.
  • We can probably fix this by extending the kadm5.acl file.
  • However before doing this we would like to verify if this is a supported way to add stuff to IPA.
  • And if not, what is the recommended way to deal with tooling that wants or needs to add principals and uses a generic way (kadmin commands) of doing so

Environment

  • Red Hat Enterprise Linux (RHEL) 7
  • IPA

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.