We have some systems which are FreeIPA connected, but (most) users don't log in as themselves, there's a local system account they use instead (simplifies file ownership for website changes and such, for example).

Is there a way to have their public keys automatically accepted for this local user, via SSSD/FreeIPA, like it is if they log in as themselves? We could just use a cron job to regenerate the authorized_keys from the keys in LDAP, but if we can do it magically through an RBAC thing or something, that would be ideal.