<html> <head> <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type"> </head> <body text="#000000" bgcolor="#FFFFFF"> <div class="moz-cite-prefix">On 04/08/2015 11:31 AM, Andrey Ptashnik wrote:<br> </div> <blockquote cite="mid:806543BB-F29A-4D08-B984-8BCAB87734DE@cccis.com" type="cite"> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <div> <div> <div>Hello Team,</div> <div><br> </div> <div>I know that FreeIPA server supports management of public keys for each user and it is a very convenient feature.</div> </div> </div> </blockquote> <br> First of all IPA does not support user certs yet. It supports SSH public keys if this is what you are referring to.<br> <br> <blockquote cite="mid:806543BB-F29A-4D08-B984-8BCAB87734DE@cccis.com" type="cite"> <div> <div> <div>Are there any possible way to manage private keys as well including features like re-issuing the key pair if it gets compromised?</div> </div> </div> </blockquote> <br> I am not sure how you envision the management aspect.<br> If a private key gets compromised you need to generate the new private key and upload your public key to IPA (if we are talking about SSH) or use CA to sign a CSR if we are talking about certs that will be supported for users in 4.2.<br> <br> The only management for private keys that one can envision is being able to escrow them.<br> IPA will provide a vault facility for that matter in 4.2.<br> <br> What other use cases do you have in mind?<br> <br> <br> <blockquote cite="mid:806543BB-F29A-4D08-B984-8BCAB87734DE@cccis.com" type="cite"> <div> <div> <div> <div id=""> <div><br> </div> <div>Regards,</div> <div>Andrey</div> <div><br> </div> </div> </div> </div> </div> <br> <fieldset class="mimeAttachmentHeader"></fieldset> <br> </blockquote> <br> <br> <pre class="moz-signature" cols="72">-- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc.</pre> </body> </html>