guilhem / freeipa-issuer

A cert-manager external issuer for FreeIPA
Apache License 2.0
31 stars 14 forks

freeipa-auth in samples #3

Open mossholderm opened 3 years ago

mossholderm commented 3 years ago

In samples/secret.yaml, should I be replacing the "b64value" for user and password with the base64-encoded credentials of a FreeIPA user who has permissions to generate certificates? Do they need a specific set of permissions in FreeIPA?

guilhem commented 3 years ago

@mossholderm Yes, it's the FreeIPA user/password, base64 encoded. For the minimal FreeIPA rights, I have to check. I will come back to you :)
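To show what "base64 encoded" means in practice for the sample Secret, here is an added shell example (not code from the freeipa-issuer repository). It renders a Kubernetes Secret with the `user` and `password` keys the sample file uses; the Secret name `freeipa-auth` and namespace `cert-manager` are assumptions. The encoding helper uses `printf '%s'` rather than `echo`, because `echo` appends a newline that would otherwise be encoded into the credential and make the FreeIPA login fail with a password that looks correct when decoded by eye.

```shell
#!/bin/sh
# Added example, not from the freeipa-issuer project: build the Secret
# that samples/secret.yaml expects, with base64-encoded FreeIPA credentials.
# Secret name and namespace below are assumptions; the "user"/"password"
# keys follow the sample file discussed in the issue.

# b64: encode stdin as one line (portable across GNU and BSD base64,
# which differ in their line-wrapping flags).
b64() { base64 | tr -d '\n'; }

# encode_credential VALUE -> base64 of VALUE, no trailing newline.
# printf '%s' is deliberate: "echo VALUE | base64" would encode an extra
# "\n" and the issuer would send a wrong password to FreeIPA.
encode_credential() {
  printf '%s' "$1" | b64
}

# decode_credential B64 -> the original value, for checking a manifest
decode_credential() {
  printf '%s' "$1" | base64 -d
}

# render_secret NAME NAMESPACE USER PASSWORD -> manifest on stdout
render_secret() {
  _user_b64=$(encode_credential "$3")
  _pass_b64=$(encode_credential "$4")
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $1
  namespace: $2
type: Opaque
data:
  user: $_user_b64
  password: $_pass_b64
EOF
}

# Usage (constructed sample values):
#   render_secret freeipa-auth cert-manager admin 'Secret123!' | kubectl apply -f -
```

If you prefer not to hand-encode at all, `stringData:` instead of `data:` lets the API server do the base64 step for you; the decoded value is what must match the FreeIPA account.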

StefanAbl commented 3 years ago

For the permissions, I have found a set which allows creation of services and issuing of certificates. However, I am not sure whether it is truly minimal or how it behaves when renewing certificates. The permissions are:

Service write userCertificate is a custom permission which allows writing to the userCertificate attribute of a service object. Also, for this, addHost must be set to false; see #7 for an issue with this.
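As an added example (not from the freeipa-issuer project or from the comment above), the following shell functions create the one custom permission the comment names and bind it to a dedicated issuer account through a privilege and a role, so the credentials placed in the Secret carry only that right. The privilege and role names, the account name, and the exact `ipa` option spellings are assumptions to confirm against `ipa permission-add --help` on your server; the rest of the permission set the comment refers to is not reproduced here because it is not on the page.

```shell
#!/bin/sh
# Added example, not from the freeipa-issuer project: scope a FreeIPA
# account to writing userCertificate on service entries only.
# Names and ipa option spellings are assumptions; verify on your server.
# Set IPA_CMD to a stand-in such as "echo" to preview the commands.

IPA_CMD="${IPA_CMD:-ipa}"

# ipa_permission_add NAME -> write permission limited to the
# userCertificate attribute of service objects (no host rights, which is
# why the issuer should also run with addHost=false).
ipa_permission_add() {
  "$IPA_CMD" permission-add "$1" \
    --type=service \
    --right=write \
    --attrs=userCertificate
}

# bind_permission_to_account ACCOUNT PERMISSION PRIVILEGE ROLE
# FreeIPA grants permissions to users via privilege -> role -> member.
bind_permission_to_account() {
  "$IPA_CMD" privilege-add "$3" --desc="cert-manager issuer: $2"
  "$IPA_CMD" privilege-add-permission "$3" --permissions="$2"
  "$IPA_CMD" role-add "$4" --desc="Role for the cert-manager FreeIPA issuer"
  "$IPA_CMD" role-add-privilege "$4" --privileges="$3"
  "$IPA_CMD" role-add-member "$4" --users="$1"
}

# setup_issuer_account ACCOUNT -> create the permission and attach it
setup_issuer_account() {
  ipa_permission_add "Service write userCertificate"
  bind_permission_to_account "$1" "Service write userCertificate" \
    "cert-manager service certificates" "cert-manager issuer"
}

# Usage (assumed account name): setup_issuer_account svc-cert-manager
```

Run it once as an admin with a Kerberos ticket; afterwards `ipa user-show svc-cert-manager --all` should list only the issuer role, which is a quick check that no broader rights were attached by accident.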