Hi Petr, Is there any way to automatically create .PPK and Public ssh key for new users created?
Thanks, Niraj Kumar -----Original Message----- From: Petr Vobornik [mailto:pvobo...@redhat.com] Sent: 20 December 2016 16:40 To: Singh, NirajKumar <nirajkumar.si...@accenture.com>; freeipa-users@redhat.com Cc: Morikawa, Hirofumi <hirofumi.morik...@accenture.com> Subject: Re: [Freeipa-users] FreeIPA User Authorization Guidelines Required On 12/20/2016 10:58 AM, nirajkumar.si...@accenture.com wrote: > Hi FreeIPA Team, > > We have performed installation of FreeIPA Master Server and Client > Server. We are successful with user creation with home directory and sudo > configuration. > > Regarding Authentication we have some questions: > > 1.Can we implement authorized key authentication for these servers. Is > there any way in FreeIPA we can automate the ppk key generation for each > individual user? FreeIPA/IdM supports central management of public SSH keys: https://urldefense.proofpoint.com/v2/url?u=https-3A__access.redhat.com_documentation_en-2DUS_Red-5FHat-5FEnterprise-5FLinux_7_html_Linux-5FDomain-5FIdentity-5FAuthentication-5Fand-5FPolicy-5FGuide_user-2Dkeys.html&d=DgIC-g&c=eIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK8IrwNKOtkVU&r=J_tjNpkwndknzRvQ2_H1bSGILs8ve3v6B5UQit18NC0&m=tfQVRIRjW-wT95LvX5PLzw9edRibMixUTKVUIIwijLE&s=ldieGGgCFsQtjTOIEa7mxR1OkAz88yCH_8Pw_lbwyhw&e= > > 2.If Not Automated key generation what are the possible ways for more > secured authentication other than password authentication? It supports Two Factor Authentication via integrated OTP support or third party RADIUS server: OTP: https://urldefense.proofpoint.com/v2/url?u=https-3A__access.redhat.com_documentation_en-2DUS_Red-5FHat-5FEnterprise-5FLinux_7_html_Linux-5FDomain-5FIdentity-5FAuthentication-5Fand-5FPolicy-5FGuide_otp.html&d=DgIC-g&c=eIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK8IrwNKOtkVU&r=J_tjNpkwndknzRvQ2_H1bSGILs8ve3v6B5UQit18NC0&m=tfQVRIRjW-wT95LvX5PLzw9edRibMixUTKVUIIwijLE&s=nPIf9X-15LZzI5un06oWEsFYIkL8kU2LcxbsS4G6JyU&e= RADIUS proxy: https://urldefense.proofpoint.com/v2/url?u=https-3A__access.redhat.com_documentation_en-2DUS_Red-5FHat-5FEnterprise-5FLinux_7_html_Linux-5FDomain-5FIdentity-5FAuthentication-5Fand-5FPolicy-5FGuide_otp.html-23migrating-2Dproprietary-2Dotp&d=DgIC-g&c=eIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK8IrwNKOtkVU&r=J_tjNpkwndknzRvQ2_H1bSGILs8ve3v6B5UQit18NC0&m=tfQVRIRjW-wT95LvX5PLzw9edRibMixUTKVUIIwijLE&s=2BLd2lichlzyifLuvJw2eNEtVghd0SYlGtO9P2vxsCk&e= > > Thanks and Regards, > > Niraj Kumar Singh > > Mobile: +91-9663212985 > > Email: nirajkumar.si...@accenture.com > <mailto:nirajkumar.si...@accenture.com> > > > ---------------------------------------------------------------------- > ---------- > > This message is for the designated recipient only and may contain > privileged, proprietary, or otherwise confidential information. If you > have received it in error, please notify the sender immediately and > delete the original. Any other use of the e-mail by you is prohibited. > Where allowed by local law, electronic communications with Accenture > and its affiliates, including e-mail and instant messaging (including > content), may be scanned by our systems for the purposes of information > security and assessment of internal compliance with Accenture policy. > ______________________________________________________________________ > ________________ > > www.accenture.com > > > -- Petr Vobornik ________________________________ This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. ______________________________________________________________________________________ www.accenture.com -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project