[Freeipa-users] Use of FreeIPA or FreeIPA LDAP server to hold private keys

Ian Stokes-Rees ijstokes at hkl.hms.harvard.edu
Tue Aug 2 18:15:51 UTC 2011


Is there some mechanism to store private keys (e.g. ssh, pgp, gpg,
X.509) in FreeIPA, tied to a user account, so only the user (via kerb
token or with password prompt) can fetch the token?

If FreeIPA doesn't make this possible, can anyone suggest a good
mechanism to have, effectively, a user keystore that would sync
passwords with FreeIPA nicely.  I am thinking, in particular, of the
scenario where users forget their password -- we'd strongly prefer to
just reset it for them (24 hours, one login) in a way that didn't mean
also re-issuing all passphrase-secured identity tokens.

Thanks,

Ian