Avatar of sqlagent007
sqlagent007
Flag for United States of America asked on

Does RedHat IDM have something like Active Directory gMSA accounts?

What is the equivalent of a gMSA account in RedHat IDM? We are moving to RedHat Identity Management (IDM).


We use Active Directory gMSA accounts for services. These accounts automatically rotate the password and manage the password for the service account. Is there something in RedHat IDM that does the same thing for service accounts?

RedhatActive Directory

Avatar of undefined
Last Comment
sqlagent007

8/22/2022 - Mon
madunix

You could refer to the below document for more information:
[ Chapter 1. Introduction to Red Hat Identity Management ]
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/introduction

Also, refer to the below article:
[ How to add a service account in IdM / IPA, with a password that do not expire ]
https://access.redhat.com/solutions/140953
sqlagent007

ASKER
Thank you @Madunix. With Active Directory gMSA accounts...the passwords are automatically changed every 30 days (can be set to as low as 1 day). This article appears to show creating a password that does not expire. That is not exactly what I am looking for.

I think HashiCorp Vault has a solution for this as well, however I am hoping to stick with a single tool like RHIDM.
ASKER CERTIFIED SOLUTION
madunix

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
sqlagent007

ASKER
Thanks!
Your help has saved me hundreds of hours of internet surfing.
fblack61