On Thu, Jul 09, 2015 at 11:33:23AM +0200, Nicola Canepa wrote: > Hello. > I was trying Freeipa as an addition and (maybe) future replacement for the > current SSO solution (custom and only for web apps). > I was able to authenticate (via pam_exec) LDAP users on the legacy system. > My problem is with Kerberos and FreeIPA web GUI, which don't accept LDAP > users not created by IPA. > > I enabled migration mode in Freeipa, so that authenticated users should get > Kerberos hash created upon first login, but I don't know how to make users > login without creating them in advance. > > Is there a (suggested) way to let users authenticate via Kerberos and create > users authenticated by PAM upon first login?
Create user where -- in the Web application or in FreeIPA? -- Jan Pazdziora Senior Principal Software Engineer, Identity Management Engineering, Red Hat -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project