[Freeipa-users] setting up a client on Debian squeeze
Jakub Hrozek
jhrozek at redhat.com
Fri Aug 30 08:36:34 UTC 2013
On Thu, Aug 29, 2013 at 10:04:43PM -0400, Rob Crittenden wrote:
> Michał Dwużnik wrote:
> >Sorry for quick continuation...
> >
> >Certificate added to nss DB in /etc/pki
> >certutil -A -d /etc/pki/ -n "IPA CA" -t CT,C,C -a -i pki/ca.crt
> >
> >sssd configured according to
> >http://docs.fedoraproject.org/en-US/Fedora/17/html/FreeIPA_Guide/linux-manual.html
> >
> >How do I test now, before changing PAM options that the pieces fit together?
>
> Perhaps exercise nss with:
>
> % id admin
> % getent passwd admin
> % getent group admin
>
> You can substitute admin for any IPA user or group.
>
> And really you can skip the cert step if you want. Unless you have
> something that will use it we put a cert on the system as a
> convenience right now. There isn't currently anything using it by
> default.
>
> rob
On the client, one piece of functionality where you need the cert are
password migrations from LDAP to IPA. I don't think that's your case,
though.
More information about the Freeipa-users
mailing list