[Freeipa-users] Understanding role of the certificate in client - server communication.

Genadi Postrilko genadipost at gmail.com
Wed Mar 19 08:35:16 UTC 2014


Thank you for the answer.
Sorry if I lack the knowledge, but why is SSL needed when using Kerberos?
Kerberos is based on a 3rd party that is trusted, so why is there a need for
public key encryption?
On Mar 19, 2014 12:24 AM, "Rob Crittenden" <rcritten at redhat.com> wrote:

> Genadi Postrilko wrote:
>
>> Hello all.
>> I'm trying to understand the use of the certificates in the
>> communication between an IPA client and server.
>> The documentation describes the retrieval of CA certificate while client
>> setup:
>> "Retrieve the CA certificate for the IdM CA"
>>
>> And retrieval of SSL server certificate:
>> "Enable certmonger, retrieve an SSL server certificate, and install the
>> certificate in /etc/pki/nssdb"
>>
>> https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/setting-up-clients.html#what-happens-clients
>>
>> From my understanding the authentication in IPA environment is Kerberos
>> based, therefore the client and server share a "secret" that allows the
>> user to authenticate himself to the server and vice versa.
>> Where comes the need for certificate? Some of the IPA server services
>> are not kerberized?
>>
>
> Kerberos over HTTP requires SSL which is why the CA is retrieved and
> installed.
>
> We don't currently use the machine certificate. This was for
> future-proofing.
>
> rob
>