[Freeipa-devel] user certificates

Fraser Tweedale ftweedal at redhat.com
Wed Jun 11 08:02:17 UTC 2014


Hi all,

Use cases are emerging for user certificates in FreeIPA.  Some
include:

- VPN certificates.  A user logs into an IPA domain.  They are not
  connected to a wired network so a background service (SSSD or
  other) acquires a short-lived client certificate for connecting to
  the company VPN (and connects it, thus saving the user some time
  and hassle).

- A DNP3 Smart-Grid user's roles are updated.  A new IEC 62351-8
  certificate must be signed by the CA and provided to the DNP3 to
  be sent to outstations on the network.

There are other use cases for user certificates, e.g. client
authentication for HTTP or other network services.  Perhaps you know
of others - in which case let us know.

Are there any current plans/design documents for implementing user
certificates in FreeIPA?  Or if I'm way off track in my thinking
here, please help me understand how these use cases do or do not
apply to FreeIPA :)

As a side-note: support for different Dogtag profiles in FreeIPA is
prerequisite for this - in fact it is likely that even a single user
may need to acquire certificates with different profiles, for the
different use cases.

Cheers,

Fraser



