[Freeipa-users] Use of FreeIPA or FreeIPA LDAP server to hold private keys

Dmitri Pal dpal at redhat.com
Tue Aug 2 20:27:07 UTC 2011


On 08/02/2011 02:15 PM, Ian Stokes-Rees wrote:
> Is there some mechanism to store private keys (e.g. ssh, pgp, gpg,
> X.509) in FreeIPA, tied to a user account, so only the user (via kerb
> token or with password prompt) can fetch the token?
>
> If FreeIPA doesn't make this possible, can anyone suggest a good
> mechanism to have, effectively, a user keystore that would sync
> passwords with FreeIPA nicely.  I am thinking, in particular, of the
> scenario where users forget their password -- we'd strongly prefer to
> just reset it for them (24 hours, one login) in a way that didn't mean
> also re-issuing all passphrase-secured identity tokens.
>

Not now, however:
https://fedorahosted.org/freeipa/ticket/754
https://fedorahosted.org/freeipa/ticket/237
https://fedorahosted.org/freeipa/ticket/521

There are also some thoughts and ideas about IPA as a secure vault for
other credentials in other systems, which are not logged as a ticket.


Would you mind sharing with us your ideas about how this functionality
actually should work?
Use cases, examples and design ideas are very welcome.



> Thanks,
>
> Ian


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.




