<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Is there some mechanism to store private keys (e.g. ssh, pgp, gpg,
X.509) in FreeIPA, tied to a user account, so only the user (via
kerb token or with password prompt) can fetch the token?<br>
<br>
If FreeIPA doesn't make this possible, can anyone suggest a good
mechanism to have, effectively, a user keystore that would sync
passwords with FreeIPA nicely. I am thinking, in particular, of the
scenario where users forget their password -- we'd strongly prefer
to just reset it for them (24 hours, one login) in a way that didn't
mean also re-issuing all passphrase-secured identity tokens.<br>
<br>
Thanks,<br>
<br>
Ian<br>
</body>
</html>