1

We are setting up a deployment job from our continuous integration tool, and we have the need to shell into a CentOS 7 box with a FreeIPA managed user and run a script as root.

Since this all has to happen from a script, we need a way to make it all happen without entering passwords. We can set up a key for the IPA user and they can shell in without a password (using the key), but I'm not sure how to then allow the IPA user to sudo the program as root.

We can't allow root or any other local users to SSH into the box. This must be done from an IPA user.

IPA is new to me, and I think this might involve some configuration with SSSD, but that is new to me as well.

I've tried to find solutions, and there are quite a few basic how-tos on how to set up IPA access, and how to allow a local user to sudo with no password, but I can't find the info that I need.

5
  • I couldn't find a FreeIPA tag. Is there another appropriate tag? Does one need to be created? Commented Oct 14, 2016 at 15:00
  • First time I heard about this "IPA" but would password-less sudo be perhaps an option? Commented Oct 14, 2016 at 15:20
  • FreeIPA... We need to restrict the no-password option to one certain IPA user. Commented Oct 14, 2016 at 15:23
  • You can configure for which user/groups it's password-less. Commented Oct 14, 2016 at 15:25
  • Unless you know for a fact that it works with IPA users, I'd assume that the process isn't the same. These are network-authenticated users that have no local credentials or user accounts. Commented Oct 14, 2016 at 15:29
