[Freeipa-users] Migrating from custom auth system
Nicola Canepa
canepa.n at mmfg.it
Thu Jul 9 09:33:23 UTC 2015
Hello.
I was trying FreeIPA as an addition and (maybe) future replacement for
the current SSO solution (custom and only for web apps).
I was able to authenticate (via pam_exec) LDAP users on the legacy system.
My problem is with Kerberos and FreeIPA web GUI, which don't accept LDAP
users not created by IPA.
I enabled migration mode in FreeIPA, so that authenticated users should
get a Kerberos hash created upon first login, but I don't know how to make
users log in without creating them in advance.
Is there a (suggested) way to let users authenticate via Kerberos and
create users authenticated by PAM upon first login?
My workaround is to create the user in the pam_exec-uted script, but I don't
think this is a clean way of doing it, and I have to use LDAP as the first
login method.
Thank you in advance for any link, suggestion or solution.
Nicola