#3164 [RFE] Support delegating RBAC roles to service principals
Closed: Fixed None Opened 11 years ago by simo.

This is so that some service identities and their keytabs can be used to perform operations against the ipa framework (for example a dhcp server may have a custom script to add information to ipa).

This can be done by allowing to add service objects to roles.


Might be related to DHCP integration.

Might be needed for SMART proxy.

This would be ease implementation of DNSSEC support and improve code maintainability.

This is also needed for the Foreman smart proxy. Right now it uses a user account which is suboptimal.

Linking to main PermissionsV2 bug.

master:

  • 8fabd6d Support delegating RBAC roles to service principals
  • a8ba6b3 service: Normalize service principal in get_dn

ipa-4-1:

  • e5b78c2 Support delegating RBAC roles to service principals
  • e497688 service: Normalize service principal in get_dn

Web UI follow up ticket created: #4507.

Metadata Update from @simo:
- Issue assigned to pviktori
- Issue set to the milestone: FreeIPA 4.1

7 years ago

Login to comment on this ticket.

Metadata