<table cellspacing="0" cellpadding="0" border="0" ><tr><td valign="top" style="font: inherit;">Also, do ipa-client-install configure to be a ssh server?<br><br>From what I understand from the documentation, ipa-client-install does not configure the client machine to be a kerberized ssh server. <br><br>John Robert Mendoza<br><br>--- On <b>Sat, 1/23/10, Michael Kang <i><wxiluo@gmail.com></i></b> wrote:<br><blockquote style="border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; padding-left: 5px;"><br>From: Michael Kang <wxiluo@gmail.com><br>Subject: [Freeipa-users] Configuring Client SSH Access Failure<br>To: "freeipa-users" <freeipa-users@redhat.com><br>Date: Saturday, 23 January, 2010, 11:34 AM<br><br><div id="yiv1968638841">Hi all,<br><br>I'm trying to configure client ssh access on Fedora 12 and I can't access ipaclient without password.<br><br>I'm following this document:<br><a rel="nofollow" target="_blank"
 href="http://freeipa.org/docs/1.2/Client_Setup_Guide/en-US/html/sect-Client_Configuration_Guide-Configuring_Fedora_as_an_IPA_Client-Configuring_Client_SSH_Access.html">http://freeipa.org/docs/1.2/Client_Setup_Guide/en-US/html/sect-Client_Configuration_Guide-Configuring_Fedora_as_an_IPA_Client-Configuring_Client_SSH_Access.html</a><br>
<br>At the end of this document:<br><blockquote style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;" class="gmail_quote"><div class="para">
                        The IPA client should now be fully configured to accept incoming <code class="systemitem">SSH</code> connections and authenticate with the user's <code class="systemitem">Kerberos</code>
credentials. Use the following command on another machine to test the
configuration. This should succeed without asking for a password. </div></blockquote><div class="para">
                        <blockquote><code class="command"> # ssh <a rel="nofollow" ymailto="mailto:admin@ipaclient.example.com" target="_blank" href="/mc/compose?to=admin@ipaclient.example.com">admin@ipaclient.example.com</a> </code></blockquote>
                </div>As I see it, another machine don't need to install any ipa software and it can access ipaclient without password.<br><br>I have three Fedora machine:<br><ul><li><a rel="nofollow" target="_blank" href="http://ipa.example.com">ipa.example.com</a>(IPA Server)</li>
<li><a rel="nofollow" target="_blank" href="http://client.example.com">client.example.com</a>(IPA Client)</li><li><a rel="nofollow" target="_blank" href="http://node.example.com">node.example.com</a>(another machine which was not installed ipa-client or ipa-server)</li></ul>The <a rel="nofollow" target="_blank" href="http://client.example.com">client.example.com</a> can access <a rel="nofollow" target="_blank" href="http://ipa.example.com">ipa.example.com</a> without password. But the <a rel="nofollow" target="_blank" href="http://node.example.com">node.example.com</a> can't access <a rel="nofollow" target="_blank" href="http://client.example.com">client.example.com</a>.<br>
<br>Do I misunderstand the document or configure incorrect?<br><br>Thanks,<br>Michael<br clear="all"><br>-- <br>Michael Kang（康上明学）<br>There is a giant asleep within every man. When the giant awakens,miracles happen.<br><br>
Personal blog: <a rel="nofollow" target="_blank" href="http://ufusion.org">http://ufusion.org</a> - United Fusion<br>
</div><br>-----Inline Attachment Follows-----<br><br><div class="plainMail">_______________________________________________<br>Freeipa-users mailing list<br><a ymailto="mailto:Freeipa-users@redhat.com" href="/mc/compose?to=Freeipa-users@redhat.com">Freeipa-users@redhat.com</a><br><a href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a></div></blockquote></td></tr></table><br>
      <hr size=1> <a href="http://ph.answers.yahoo.com/question/index?qid=20080629165543AAcKnII">How do I quit smoking?</a> <br> Find out the ways on Yahoo! Answers!