Currently the system digest user (opencast_system_account by default) is used both for authentication between nodes in the cluster, and between the CA and admin node.
We should separate this into two separate accounts by creating a digest user for capture agents which has a specific role and access to endpoints required by capture agents configured for that role.
Initial version of this for 3.x:
Initial testing on this has surfaced some problem with the workflow that runs after a CA has ingested a mediapackage (using a CA-specific non-admin account). So possibly some permissions issue there.
Final implementation of this feature is:
(7.0 and later)