[Freeipa-users] Cross-realm trust with AD and ssh keys management
Alexander Bokovoy
abokovoy at redhat.com
Tue Sep 24 14:40:31 UTC 2013
On Tue, 24 Sep 2013, Alexandre Ellert wrote:
>Hi,
>
>I've successfully setup a testing environment with an IPA server (RHEL 6.4) and a cross realm trust with my Active Directory (Win2008 R2).
>Authentication works both with AD passwords and Kerberos GSS-API.
>
>Now, I'm trying to find the way to manage ssh key which belong to AD
>users. It seems that I can do that only with users declared on IPA
>domain. Can you confirm that ?
Yes. AD users do not exist physically in IPA LDAP, therefore there is no
object to assign attributes into.
>Does winsync method provide a way to add ssh key to an AD user ?
Under winsync AD users would become 'normal' LDAP objects in IPA,
therefore you can assign additional values/attributes to them.
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list