<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 04/08/2015 11:31 AM, Andrey Ptashnik
wrote:<br>
</div>
<blockquote
cite="mid:806543BB-F29A-4D08-B984-8BCAB87734DE@cccis.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<div>
<div>
<div>Hello Team,</div>
<div><br>
</div>
<div>I know that the FreeIPA server supports management of public
keys for each user, and it is a very convenient feature.</div>
</div>
</div>
</blockquote>
<br>
First of all, IPA does not support user certs yet. It supports SSH
public keys, if this is what you are referring to.<br>
<br>
<blockquote
cite="mid:806543BB-F29A-4D08-B984-8BCAB87734DE@cccis.com"
type="cite">
<div>
<div>
<div>Is there any possible way to manage private keys as well,
including features like re-issuing the key pair if it gets
compromised?</div>
</div>
</div>
</blockquote>
<br>
I am not sure how you envision the management aspect.<br>
If a private key gets compromised, you need to generate a new
private key and upload your public key to IPA (if we are talking
about SSH) or use a CA to sign a CSR if we are talking about certs
that will be supported for users in 4.2.<br>
<br>
The only management for private keys that one can envision is being
able to escrow them.<br>
IPA will provide a vault facility for that matter in 4.2.<br>
<br>
What other use cases do you have in mind?<br>
<br>
<br>
<blockquote
cite="mid:806543BB-F29A-4D08-B984-8BCAB87734DE@cccis.com"
type="cite">
<div>
<div>
<div>
<div id="">
<div><br>
</div>
<div>Regards,</div>
<div>Andrey</div>
<div><br>
</div>
</div>
</div>
</div>
</div>
<br>
<br>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.</pre>
</body>
</html>