<html> <head> <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type"> </head> <body bgcolor="#FFFFFF" text="#000000"> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 01/22/2013 09:51 PM, Steven Jones wrote: > Hi, > > I have all done this, so from what you write I think IPA would be a good fit for what you want, except that is the single sign on bit I have not looked to see if that can be done. For http restart you control that via sudo in IPA so its centrally managed, I have this working for one such server though I use the reload option instead. to enable SSO with SSH from a ipa workstation, just edit /etc/ssh/sshd_config and make sure the line below is set to yes "GSSAPIAuthentication yes" If you've just made the change, it won't take effect until SSH is restarted. So do the usual service sshd restart. > > I would also not run one instance of IPA myself but with such a small site that's your call. > > regards > > Steven Jones > > Technical Specialist - Linux RHCE > > Victoria University, Wellington, NZ > > 0064 4 463 6272 > > ------------------------- > *From:* <a class="moz-txt-link-abbreviated" href="mailto:freeipa-users-bounces@redhat.com">freeipa-users-bounces@redhat.com</a> [<a class="moz-txt-link-abbreviated" href="mailto:freeipa-users-bounces@redhat.com">freeipa-users-bounces@redhat.com</a>] on behalf of Bob Sauvage [<a class="moz-txt-link-abbreviated" href="mailto:Bob.sauvage@gmx.fr">Bob.sauvage@gmx.fr</a>] > *Sent:* Wednesday, 23 January 2013 9:51 a.m. > *To:* <a class="moz-txt-link-abbreviated" href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a> > *Subject:* [Freeipa-users] Some interrogations about the freeipa deployment > > Hi *, > > I plan to review the network architecture of my office. 10 Windows/Linux desktops and 2 Linux servers will be deployed on the network. > > I want to install freeipa on the first server to act like an AD DS. I want to authenticate users on the server and controlling what can be done or not by them on the network. 10 other linux web servers should be accessible (console) by specific users and without the need to authenticating again (single sign on). On these web servers, users can issue specific commands like "/etc/init.d/httpd restart". > > Is it possible to achive this with freeipa ? Do you have some articles ? > > Thanks in advance, > > Bob ! > > > _______________________________________________ > Freeipa-users mailing list > <a class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a> > <a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) Comment: Using GnuPG with Thunderbird - <a class="moz-txt-link-freetext" href="http://www.enigmail.net/">http://www.enigmail.net/</a> iQIcBAEBAgAGBQJQ/w8VAAoJEAJsWS61tB+q2+8P/0voaYOSa/ZnwiQmvrqLsaPE oYm4j/m88STSXvDdhDsgNQJZJFY9XDv7y3njnuSWElqHD0yGBEbJvc+pmoi8uZf0 8EORIarUQhCf6awI4RIHxg6+nOOwVkllx/FDVSJldGnKlv3OSvOrln+tTK9gITkg ZzsMvtFTYIjrF4nMSEtTCGfFi7lnmCrvXhXijKSCRjUfZI51t78SamI5ldKzV6Zy RE4ofJQexUpWhCXnDyWg5I/fDY6EQc9UAjeiVjmC462Sp32Rso5bQBYUwrQtD8uG d1b1sfOW3v+oExmnOfSeGwzssl8SzYk1jr9kak9JU1DctPIgp5aCjpKYtRTnh5GB 44bNMXATFHRWVU21QlaTYwmQue12cb1BaehMUjZfvHTvNcK171RF9DfAhxS+U1Z4 ZCyv8mUGDB28xWKx0fH5639CGjPYCZxltOOF/053W7ZyrrRN38O2AD7LUkYdH3kb ci04L/tB8znXcP6OQaTeDzJHY12bkspJz+tBNvM/KeFhJQxw/FQqtFi55KrhlKMN XCsHdj3fqEzV/h6+3wu0Na7Y4hDt5mf0i3i1UTO9nj941QIr2BYKrQLzKSKLu/Md Z+E04ZgiQWgzb+Yw4bFv6I8g4y6nrUFVvDxt970bqgbk9cbfAGLEMjd6xRm6QDgq CJUkZcaWqi3SYPeGHx0x =fTHE -----END PGP SIGNATURE----- </body> </html>