Howdy,
We are having intermittent login issues with our SSSD/IPA clients using
Identity Manager in a read-only cross-forest trust configuration.
The SSSD/IPA servers themselves don't seem to be having this issue, just the
SSSD/IPA clients using the IDM/IPA servers as their identity provider.
Howdy,
We are having intermittent login issues with our SSSD/IPA clients using
Identity Manager in a read-only cross-forest trust configuration.
The SSSD/IPA servers themselves don't seem to be having this issue, just the
SSSD/IPA clients using the IDM/IPA servers as their identity provider.
The best way to handle this is via a CloudWatch event that triggers a Lambda
when the EC2 is terminated to call the IPA REST API to remove the host.
No need for all the rigamorale you are doing.
___
FreeIPA-users mailing list --
Thanks for the response, François.
I'm somewhat surprised there isn't a way to determine both host and user
activity already.
For hosts, doesn't the Kerberos ticket have to be renewed on a regular basis?
Couldn't that timestamp be used?
___
Nothing? No ideas?
How do large organizations with 1000s of hosts handle this?
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: