On Thu, Aug 29, 2013 at 10:04:43PM -0400, Rob Crittenden wrote: > Michał Dwużnik wrote: > >Sorry for quick continuation... > > > >Certificate added to nss DB in /etc/pki > >certutil -A -d /etc/pki/ -n "IPA CA" -t CT,C,C -a -i pki/ca.crt > > > >sssd configured according to > >http://docs.fedoraproject.org/en-US/Fedora/17/html/FreeIPA_Guide/linux-manual.html > > > >How do I test now, before changing PAM options that the pieces fit together? > > Perhaps exercise nss with: > > % id admin > % getent passwd admin > % getent group admin > > You can substitute admin for any IPA user or group. > > And really you can skip the cert step if you want. Unless you have > something that will use it we put a cert on the system as a > convenience right now. There isn't currently anything using it by > default. > > rob
On the client, one piece of functionality where you need the cert are password migrations from LDAP to IPA. I don't think that's your case, though. _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users