[Freeipa-users] Use of FreeIPA or FreeIPA LDAP server to hold private keys

Simo Sorce simo at redhat.com
Tue Aug 2 21:00:01 UTC 2011


On Tue, 2011-08-02 at 16:27 -0400, Dmitri Pal wrote:
> On 08/02/2011 02:15 PM, Ian Stokes-Rees wrote: 
> > Is there some mechanism to store private keys (e.g. ssh, pgp, gpg,
> > X.509) in FreeIPA, tied to a user account, so only the user (via
> > kerb token or with password prompt) can fetch the token?
> > 
> > If FreeIPA doesn't make this possible, can anyone suggest a good
> > mechanism to have, effectively, a user keystore that would sync
> > passwords with FreeIPA nicely.  I am thinking, in particular, of the
> > scenario where users forget their password -- we'd strongly prefer
> > to just reset it for them (24 hours, one login) in a way that didn't
> > mean also re-issuing all passphrase-secured identity tokens.
> > 
> 
> Not now, however:
> https://fedorahosted.org/freeipa/ticket/754
> https://fedorahosted.org/freeipa/ticket/237
> https://fedorahosted.org/freeipa/ticket/521

Replaced the last one with: https://fedorahosted.org/freeipa/ticket/1560

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York



