<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA1<br>
<br>
<br>
On 01/22/2013 09:51 PM, Steven Jones wrote:<br>
<span style="white-space: pre;">> Hi,<br>
><br>
> I have all done this, so from what you write I think IPA
would be a good fit for what you want, except that is the single
sign on bit I have not looked to see if that can be done. For http
restart you control that via sudo in IPA so its centrally managed,
I have this working for one such server though I use the reload
option instead.</span><br>
to enable SSO with SSH from a ipa workstation, just edit
/etc/ssh/sshd_config and make sure the line below is set to yes<br>
"GSSAPIAuthentication yes"<br>
<br>
If you've just made the change, it won't take effect until SSH is
restarted. So do the usual service sshd restart.<br>
<br>
<span style="white-space: pre;">><br>
> I would also not run one instance of IPA myself but with such
a small site that's your call.<br>
><br>
> regards<br>
><br>
> Steven Jones<br>
><br>
> Technical Specialist - Linux RHCE<br>
><br>
> Victoria University, Wellington, NZ<br>
><br>
> 0064 4 463 6272<br>
><br>
> -------------------------<br>
> *From:* <a class="moz-txt-link-abbreviated" href="mailto:freeipa-users-bounces@redhat.com">freeipa-users-bounces@redhat.com</a>
[<a class="moz-txt-link-abbreviated" href="mailto:freeipa-users-bounces@redhat.com">freeipa-users-bounces@redhat.com</a>] on behalf of Bob Sauvage
[<a class="moz-txt-link-abbreviated" href="mailto:Bob.sauvage@gmx.fr">Bob.sauvage@gmx.fr</a>]<br>
> *Sent:* Wednesday, 23 January 2013 9:51 a.m.<br>
> *To:* <a class="moz-txt-link-abbreviated" href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a><br>
> *Subject:* [Freeipa-users] Some interrogations about the
freeipa deployment<br>
><br>
> Hi *,<br>
><br>
> I plan to review the network architecture of my office. 10
Windows/Linux desktops and 2 Linux servers will be deployed on the
network.<br>
><br>
> I want to install freeipa on the first server to act like an
AD DS. I want to authenticate users on the server and controlling
what can be done or not by them on the network. 10 other linux web
servers should be accessible (console) by specific users and
without the need to authenticating again (single sign on). On
these web servers, users can issue specific commands like
"/etc/init.d/httpd restart".<br>
><br>
> Is it possible to achive this with freeipa ? Do you have some
articles ?<br>
><br>
> Thanks in advance,<br>
><br>
> Bob !<br>
><br>
><br>
> _______________________________________________<br>
> Freeipa-users mailing list<br>
> <a class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a><br>
> <a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></span><br>
<br>
-----BEGIN PGP SIGNATURE-----<br>
Version: GnuPG v1.4.13 (GNU/Linux)<br>
Comment: Using GnuPG with Thunderbird - <a class="moz-txt-link-freetext" href="http://www.enigmail.net/">http://www.enigmail.net/</a><br>
<br>
iQIcBAEBAgAGBQJQ/w8VAAoJEAJsWS61tB+q2+8P/0voaYOSa/ZnwiQmvrqLsaPE<br>
oYm4j/m88STSXvDdhDsgNQJZJFY9XDv7y3njnuSWElqHD0yGBEbJvc+pmoi8uZf0<br>
8EORIarUQhCf6awI4RIHxg6+nOOwVkllx/FDVSJldGnKlv3OSvOrln+tTK9gITkg<br>
ZzsMvtFTYIjrF4nMSEtTCGfFi7lnmCrvXhXijKSCRjUfZI51t78SamI5ldKzV6Zy<br>
RE4ofJQexUpWhCXnDyWg5I/fDY6EQc9UAjeiVjmC462Sp32Rso5bQBYUwrQtD8uG<br>
d1b1sfOW3v+oExmnOfSeGwzssl8SzYk1jr9kak9JU1DctPIgp5aCjpKYtRTnh5GB<br>
44bNMXATFHRWVU21QlaTYwmQue12cb1BaehMUjZfvHTvNcK171RF9DfAhxS+U1Z4<br>
ZCyv8mUGDB28xWKx0fH5639CGjPYCZxltOOF/053W7ZyrrRN38O2AD7LUkYdH3kb<br>
ci04L/tB8znXcP6OQaTeDzJHY12bkspJz+tBNvM/KeFhJQxw/FQqtFi55KrhlKMN<br>
XCsHdj3fqEzV/h6+3wu0Na7Y4hDt5mf0i3i1UTO9nj941QIr2BYKrQLzKSKLu/Md<br>
Z+E04ZgiQWgzb+Yw4bFv6I8g4y6nrUFVvDxt970bqgbk9cbfAGLEMjd6xRm6QDgq<br>
CJUkZcaWqi3SYPeGHx0x<br>
=fTHE<br>
-----END PGP SIGNATURE-----<br>
<br>
</body>
</html>