Thank you for the answer. Sorry if I lack the knowledge, but why is SSL needed when using Kerberos? Kerberos is based on a 3rd party that is trusted, so why is there a need for public key encryption?

On Mar 19, 2014 12:24 AM, "Rob Crittenden" <rcrit...@redhat.com> wrote:
> Genadi Postrilko wrote:
>
>> Hello all.
>> I'm trying to understand the use of the certificates in the
>> communication between an IPA client and server.
>> The documentation describes the retrieval of CA certificate while client
>> setup:
>> "Retrieve the CA certificate for the IdM CA"
>>
>> And retrieval of SSL server certificate:
>> "Enable certmonger, retrieve an SSL server certificate, and install the
>> certificate in |/etc/pki/nssdb"|
>>
>> https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/setting-up-clients.html#what-happens-clients
>>
>> From my understanding the authentication in IPA environment is kerberos
>> based, therefore the client and server share a "secret" that allows the
>> user to authenticate himself to the server and vice versa.
>> Where comes the need for certificate? Some of the IPA server services
>> are not kerberized?
>>
>
> Kerberos over HTTP requires SSL which is why the CA is retrieved and
> installed.
>
> We don't currently use the machine certificate. This was for
> future-proofing.
>
> rob
>