[Freeipa-users] Private key management

Dmitri Pal dpal at redhat.com
Wed Apr 8 17:54:51 UTC 2015


On 04/08/2015 11:31 AM, Andrey Ptashnik wrote:
> Hello Team,
>
> I know that FreeIPA server supports management of public keys for each 
> user and it is a very convenient feature.

First of all, IPA does not support user certs yet. It supports SSH public 
keys, if this is what you are referring to.

> Is there any possible way to manage private keys as well, including 
> features like re-issuing the key pair if it gets compromised?

I am not sure how you envision the management aspect.
If a private key gets compromised, you need to generate a new private 
key and upload your public key to IPA (if we are talking about SSH) or 
use a CA to sign a CSR if we are talking about certs that will be 
supported for users in 4.2.

The only management for private keys that one can envision is being able 
to escrow them.
IPA will provide a vault facility for that matter in 4.2.

What other use cases do you have in mind?


>
> Regards,
> Andrey
>
>
>


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
