Re: [Freeipa-users] change min and max lifetime of random password

2014-03-25 Thread Alexander Bokovoy
On Mon, 24 Mar 2014, Stijn De Weirdt wrote: hi alexander, No, because then you have to either ship keytabs around during provisioning or hardcode that user's password in the kickstart and they are already nervous about doing that for the OTP. This topic raises regularly on IRC. My suggestion

Re: [Freeipa-users] External Collaboration Domains

2014-03-25 Thread Alexander Bokovoy
On Tue, 25 Mar 2014, Nordgren, Bryce L -FS wrote: Collaboration can be in different ways. It all depends on the use case. It can be OpenID, SAML, Kerberos, etc. There are different technologies and they suit better different use cases. Can you please share under what circumstances such

Re: [Freeipa-users] change min and max lifetime of random password

2014-03-25 Thread Stijn De Weirdt
hi alexander, No real password is in the kickstart file, OTP will turn itself off automatically on enrollment and time has to be within the window of opportunity. but the password itself is still valid if the install failed and someone else tries to use it. Right. Nobody actually prevents

Re: [Freeipa-users] ipa-client-install fails on replica because of kinit cannot contact any KDC

2014-03-25 Thread Martin Kosek
It is searching for ldap.mydomain.com because you still have DNS SRV record _kerberos._udp.mydomain.com. pointing to it. I would start there. As for the failure, I would check that the generated /etc/krb5.conf is correct: ~ includedir /var/lib/sss/pubconf/krb5.include.d/ [libdefaults]

[Freeipa-users] using 3rd party cert not self sign cert in ipa

2014-03-25 Thread barrykfl
Dear all: when install it already generate a self sign cert called mydomain.com . and run ca service. now i want to check if it ok to install 3rd party replacing ..so to httpd my ldap it will be https: my co domain (official cert ). and replace below. /etc/ipa/ca.crt /usr/share/ipa/html/ca.crt

Re: [Freeipa-users] using 3rd party cert not self sign cert in ipa

2014-03-25 Thread Jan Cholasta
On 25.3.2014 10:27, barry...@gmail.com wrote: Dear all: when install it already generate a self sign cert called mydomain.com http://mydomain.com . and run ca service. now i want to check if it ok to install 3rd party replacing ..so to httpd my ldap it will be https: my co domain (official cert

[Freeipa-users] HBAC for mod_auth_kerb (and give karma to Fedora 20 package)

2014-03-25 Thread Jan Pazdziora
Hello, so you've read about the web application authentication and host-based access control but never tried it and now you wonder how the HBAC with Kerberos actually works in the web context ... Why not try to set it up and see for yourself? ... And give karma to

[Freeipa-users] AD trusts HBACs such

2014-03-25 Thread KodaK
I've been working with support on how to set up HBAC and sudo rules with AD users. From what they've described I can only manage them on an aggregate level using an external group. For example, I can define an hbac rule, but that hbac rule will be valid for *all* AD users in the external group

Re: [Freeipa-users] AD trusts HBACs such

2014-03-25 Thread Alexander Bokovoy
On Tue, 25 Mar 2014, KodaK wrote: I've been working with support on how to set up HBAC and sudo rules with AD users. From what they've described I can only manage them on an aggregate level using an external group. For example, I can define an hbac rule, but that hbac rule will be valid for

[Freeipa-users] freeIPA 3.3.4 on Centos 6.5

2014-03-25 Thread Carl E. Ma
Hello, I am planning to set up IPA-server in centos 6.5 environment to manage user accounts (on ubuntu/centos/redhat) and automount NFS home directories. The IPA-server in centos 6.x repository is 3.0.0. Name: ipa-server Arch: x86_64 Version : 3.0.0 Release : 37.el6

[Freeipa-users] stop alias of https://abc.com/ipa/ui/

2014-03-25 Thread barrykfl
Dear sir: where can I set stop alias of /ipa/ui redirection...and let it just use https://abc.com/ipa/ui/ absolute path? thanks barry ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] freeIPA 3.3.4 on Centos 6.5

2014-03-25 Thread Alexander Bokovoy
On Tue, 25 Mar 2014, Carl E. Ma wrote: Hello, I am planning to set up IPA-server in centos 6.5 environment to manage user accounts (on ubuntu/centos/redhat) and automount NFS home directories. The IPA-server in centos 6.x repository is 3.0.0. Name: ipa-server Arch: x86_64