[Freeipa-users] Re: How to determine when host last checked in?
On ti, 10 joulu 2019, Master Blaster via FreeIPA-users wrote: Thanks for the response, François. I'm somewhat surprised there isn't a way to determine both host and user activity already. For hosts, doesn't the Kerberos ticket have to be renewed on a regular basis? Couldn't that timestamp be used? Yes. You still need to collect that information somehow. We do not update the time stamp right now at all by default because of a replication storm concerns. Once DSU feature is implemented, a coarse time stamp will updated for each principal. -- / Alexander Bokovoy Sr. Principal Software Engineer Security / Identity Management Engineering Red Hat Limited, Finland ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
[Freeipa-users] Re: How to determine when host last checked in?
Thanks for the response, François. I'm somewhat surprised there isn't a way to determine both host and user activity already. For hosts, doesn't the Kerberos ticket have to be renewed on a regular basis? Couldn't that timestamp be used? ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
[Freeipa-users] Re: How to determine when host last checked in?
There is currently no way to know, but the Disable Stale Users proposal could be extended to any principal including the host ones. https://github.com/freeipa/freeipa/blob/master/doc/designs/disable-stale-users.md The timestamp precision would be coarse but that would clearly match the use-case. François On Tue, Dec 10, 2019 at 12:07 PM Master Blaster via FreeIPA-users wrote: > > Nothing? No ideas? > > How do large organizations with 1000s of hosts handle this? > ___ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
[Freeipa-users] Re: How to determine when host last checked in?
Nothing? No ideas? How do large organizations with 1000s of hosts handle this? ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org