[Freeipa-users] Client Certificates not in backlog
Brian Topping
brian.topping at gmail.com
Mon Jul 20 22:15:11 UTC 2015
Hi I was just looking at http://www.freeipa.org/page/User_certificate_use_cases and was trying to do some self-service to see when it might get scheduled. Unless I am mistaken, it doesn't even seem to exist in the backlog. Is that intentional?
The reason I started to look at this again is I have been getting persistent password cracking attacks against public endpoints such as IMAP and SMTP. Client certificates would be an ideal solution and would work with mobile devices as well. I know many are using host certificates for this kind of thing, but it seems like there would be leakage if a user account were disabled and the respective hosts were not.
Most of the developers here use OS X, although maybe that needs to be revisited. I opened issue 21908279 on https://bugreport.apple.com to see if we could get any traction on making http://linsec.ca/Using_FreeIPA_for_User_Authentication easier, but bugreport.apple.com is a black hole and not much escapes.
Anyway, I thought these use cases might be interesting to others and it seems client certs are a great way to solve the problem. Would love to hear how others have solved these issues!
Cheers, Brian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150720/a52fedc6/attachment.sig>
More information about the Freeipa-users
mailing list