[Freeipa-users] Migrating from custom auth system
Jan Pazdziora
jpazdziora at redhat.com
Thu Jul 9 11:05:34 UTC 2015
On Thu, Jul 09, 2015 at 11:33:23AM +0200, Nicola Canepa wrote:
> Hello.
> I was trying Freeipa as an addition and (maybe) future replacement for the
> current SSO solution (custom and only for web apps).
> I was able to authenticate (via pam_exec) LDAP users on the legacy system.
> My problem is with Kerberos and FreeIPA web GUI, which don't accept LDAP
> users not created by IPA.
>
> I enabled migration mode in Freeipa, so that authenticated users should get
> Kerberos hash created upon first login, but I don't know how to make users
> login without creating them in advance.
>
> Is there a (suggested) way to let users authenticate via Kerberos and create
> users authenticated by PAM upon first login?
Create user where -- in the Web application or in FreeIPA?
--
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat
More information about the Freeipa-users
mailing list