wiki v1

User Tools

Site Tools

Trace:
web_auth

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

web_auth [2025/07/26 17:09] – - Imported by DokuWiki Advanced Plugin wikiadmweb_auth [Unknown date] (current) – removed - external edit (Unknown date) 127.0.0.1
Line 1: Line 1:
-====== Web Authentication ====== 
-<code bash> 
-# ipa permission-add 'userPassword service read' --attrs=userPassword --type=user --right=read 
-</code> 
  
-<code bash> 
-# ipa privilege-add 'Privilege web services' --desc='Privileges needed to allow web services to operate' 
-</code> 
- 
-<code bash> 
-# ipa privilege-add-permission 'Privilege web services' --permissions='userPassword service read' 
-</code> 
- 
-<code bash> 
-# ipa role-add 'Role web services' --desc="Web server role" 
-</code> 
- 
-<code bash> 
-# ipa role-add-privilege --privileges="Privilege web services" 'Role web services' 
-</code> 
- 
-<code bash> 
-# yes "@btjt(())22" | ipa user-add webadm --first=Web --last=Administrator --title="Enroll web services" --password 
-</code> 
- 
-<code bash> 
-# ipa user-mod webadm --user-auth-type=password 
-</code> 
- 
-<code bash> 
-# yes "@btjt(())22" | ipa user-mod webadm --password-expiration="2050-01-01Z" --password 
-</code> 
- 
-<code bash> 
-# ipa role-add-member 'Role web services' --users=webadm 
-</code> 
- 
-<code bash> 
-# ipa user-show webadm --all --raw 
-  dn: uid=webadm,cn=users,cn=accounts,dc=juntotelecom,dc=com,dc=br 
-  uid: webadm 
-  givenname: Web 
-  sn: Administrator 
-  cn: Web Administrator 
-  initials: WA 
-  homedirectory: /home/webadm 
-  gecos: Web Administrator 
-  loginshell: /usr/bin/false 
-  krbcanonicalname: webadm@JUNTOTELECOM.COM.BR 
-  krbprincipalname: webadm@JUNTOTELECOM.COM.BR 
-  mail: webadm@juntotelecom.com.br 
-  uidnumber: 187600016 
-  gidnumber: 187600016 
-  title: Enroll web services 
-  ipauserauthtype: password 
-  nsaccountlock: FALSE 
-  has_password: TRUE 
-  has_keytab: TRUE 
-  displayName: Web Administrator 
-  ipaNTSecurityIdentifier: S-1-5-21-2731924211-1883941829-2112701219-1016 
-  ipaUniqueID: 50081d8e-bb2f-11ec-97aa-000c29ad9330 
-  krbExtraData: AAIX01Zicm9vdC9hZG1pbkBKVU5UT1RFTEVDT00uQ09NLkJSAA== 
-  krbLastPwdChange: 20220413134143Z 
-  krbPasswordExpiration: 20220413134143Z 
-  memberof: cn=Role web services,cn=roles,cn=accounts,dc=juntotelecom,dc=com,dc=br 
-  memberof: cn=ipausers,cn=groups,cn=accounts,dc=juntotelecom,dc=com,dc=br 
-  memberofindirect: cn=Privilege web services,cn=privileges,cn=pbac,dc=juntotelecom,dc=com,dc=br 
-  memberofindirect: cn=userPassword service read,cn=permissions,cn=pbac,dc=juntotelecom,dc=com,dc=br 
-  mepManagedEntry: cn=webadm,cn=groups,cn=accounts,dc=juntotelecom,dc=com,dc=br 
-  objectClass: top 
-  objectClass: person 
-  objectClass: organizationalperson 
-  objectClass: inetorgperson 
-  objectClass: inetuser 
-  objectClass: posixaccount 
-  objectClass: krbprincipalaux 
-  objectClass: krbticketpolicyaux 
-  objectClass: ipaobject 
-  objectClass: ipasshuser 
-  objectClass: ipaSshGroupOfPubKeys 
-  objectClass: mepOriginEntry 
-  objectClass: ipantuserattrs 
-  objectClass: ipauserauthtypeclass 
-</code> 
web_auth.1753560545.txt.gz · Last modified: by wikiadm