User Account Management

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi again

Thanks for the suggestions re the ACI - I managed to resolve that part,
but now have hit yet another wall with the "interesting" way in which
our accounts are set up.

As I stated, we have a service desk that manage all the user accounts,
however, I've just been reliably informed that they are only going to be
managing the password resets of any user accounts, and that a subgroup
of the department I'm building the directory for, will actually be
creating the user accounts.

Here's where it gets interesting - although the subgroup will be
creating the accounts, they will not be permitted to reset any passwords
hence I'm now in a confusing place.

I've looked at the ACIs and the service desk part was easy enough to
achieve, I thought the other part would be as simple as denying write
permission to the userpassword attribute, but this doesnt work as I'm
assuming setting the password at user creation is effectively a form of
write to the attribute.

The question therefore, is can you allow a person/group to be able to
create user accounts, but not have the ability to modify the password
attribute after its created. I'd like to trust the users not to be
resetting passwords on their own, however we need to have an auditable
trail of the user permissions that details this.

Thanks in advance for any help (and for the help supplied so far!)

Darren 
This e-mail and any attachments may be confidential or legally
privileged.If you received this message in error or are not the intended
recipient, you should destroy the email message and any attachments or
copies, and you are prohibited from retaining, distributing, disclosing
or using any information contained herein. Please inform us of the
erroneous delivery by return e-mail. Thank you for your co-operation.

Mercer Human Resource Consulting Limited is authorised and regulated by
the Financial Services Authority. Registered in England No. 984275.
Registered Office: 1 Tower Place West, Tower Place, London, EC3R 5BU.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/389-users/attachments/20070309/22d90950/attachment.html 


[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux