https://pagure.io/freeipa/issue/8878 provided a change to prevent the admin user from being deleted. The function check_protected_member() was updated to skip the group check and enforce that protected users aren't being changed.
The check for disabling the last admin should be restored.
$ ipa user-disable admin ipa: ERROR: user admin cannot be deleted/modified: privileged user
Metadata Update from @rcritten: - Issue assigned to rcritten
Hello, we use a FreeIPA (docker: freeipa/freeipa-server:rocky-9-4.10.2) based central auth-system for our VPN connection. The VPN endpoint is opened widely, now there is nonstop brute-force-attacking.
We have a high-security admin pw, but it would be better to disable admin account - is there a way to do so?
Regards, Bence
master:
ipa-4-11:
ipa-4-10:
ipa-4-9:
Metadata Update from @frenaud: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Metadata Update from @frenaud: - Custom field rhbz adjusted to https://issues.redhat.com/browse/RHEL-34756, https://issues.redhat.com/browse/RHEL-34757
Log in to comment on this ticket.