Bryan,
Thanks a ton! I am working on this now.
Informationally, I'll pass along that after reading your email last night where
you mentioned the client looking for a host/10.10.1...@example.com principal, I
found that logging onto the host and using ipa-join -h created
such an IP
al created?
Regards,
Dave
-Original Message-
From: Bryan Mesich [mailto:bryan.mes...@digikey.com]
Sent: Wednesday, December 19, 2018 5:42 PM
To: FreeIPA users list
Cc: Theese, David C
Subject: Re: [Freeipa-users] Single Sign On (SSO) SSH via IP Address
On Thu, Dec 20, 2018 at 12:10:37AM +0
Hello FreeIPA Community,
I am using FreeIPA version 4.4.0 on CentOS Linux 7.3.1611.
Via FreeIPA's use of Kerberos, I have no problem SSHing among hosts in a
passwordless manner (Single Sign On (SSO)) as long as I use their hostnames.
Example relevant output from the SSH client verbose mode is:
Ryan,
Thank you for the response.
I've tried "ipa host-add-principal" and, as far as I can tell, it doesn't have
any effect. It sounds like it's exactly what I need, but perhaps I am not using
it properly. In any case, I have found that the following seems to work:
### From my initial post
Hello,
I am using CentOS 7.3 and FreeIPA 4.4.
I have one FreeIPA server and several FreeIPA clients. SSH SSO has been working
fine (via Kerberos). Call the network they reside on 192.168.1.0/24 (the
"primary" network).
I recently added a second NIC to each of the clients. Thus, all clients