mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-30 10:47:08 -06:00
3e715a04cf
to edit other users (the Edit link won't appear otherwise). Additional delegation is need to grant permission to individual attributes. Update the failed login page to indicate that it is a permission issue. Don't allow access to policy at all for non-admins. By default users can only edit themselves. |
||
|---|---|---|
| .. | ||
| share | ||
| ipa-server-install | ||
| ipa-server-setupssl | ||
| Makefile.am | ||
| README | ||
Required packages:
krb5-server
fedora-ds-base
fedora-ds-base-devel
openldap-clients
openldap-devel
krb5-server-ldap
cyrus-sasl-gssapi
httpd
mod_auth_kerb
ntp
openssl-devel
nspr-devel
nss-devel
mozldap-devel
mod_python
gcc
python-ldap
TurboGears
PyKerberos
python-krbV
Installation example:
TEMPORARY: until bug https://bugzilla.redhat.com/show_bug.cgi?id=248169 is
fixed.
Please apply the fedora-ds.init.patch in freeipa/ipa-server/ipa-install/share/
to patch your init scripts before running ipa-server-install. This tells
FDS where to find its kerberos keytab.
Things done as root are denoted by #. Things done as a unix user are denoted
by %.
# cd freeipa
# patch -p0 < ipa-server/ipa-install/share/fedora-ds.init.patch
Now to do the installation.
# cd freeipa
# make install
To start an interactive installation use:
# /usr/sbin/ipa-server-install
For more verbose output add the -d flag run the command with -h to see all options
You have a basic working system with one super administrator (named admin).
To create another administrative user:
% kinit admin@FREEIPA.ORG
% /usr/sbin/ipa-adduser -f Test -l User test
% ldappasswd -Y GSSAPI -h localhost -s password uid=test,cn=users,cn=accounts,dc=freeipa,dc=org
% /usr/sbin/ipa-groupmod -a test admins
An admin user is just a regular user in the group admin.
Now you can destroy the old ticket and log in as test:
% kdestroy
% kinit test@FREEIPA.ORG
% /usr/sbin/ipa-finduser test