[Freeipa-users] Can freeIPA work without Kerberos and DNS

Mon Mar 30 07:32:27 UTC 2015

On 30/03/15 04:27, Gokulnath wrote:
> Thanks for getting back.
>
> 1. As security Kerberos can ticket and in memory can be taken and that session key
> Can be used to gain access every where. Primarily this because the plan is to use the solution in cloud.
>
> 2. Can I disable DNS as well? And have IPA to run only ldap, ssh key rotation and pki ?
IPA clients require properly configured DNS, if you plan to use only 
server IMO it should work.
>
> 3. As during the install, DNS and Kerberos are getting installed and configured.
DNS is optional part of installation, by default DNS is not installed.
>
> I would really appreciate if you can get back.
>
> Thank you
> Gokul
> Sent from iPhone
>
>> On Mar 29, 2015, at 8:44 PM, Dmitri Pal <dpal at redhat.com> wrote:
>>
>>> On 03/29/2015 11:50 AM, Gokul wrote:
>>> Hi,
>>>
>>> I am tried to run some of my user cases with FreeIPA.
>>>
>>> Have FreeIPA to do only SSH key management in LDAP and PKI management.
>>>
>>> The understand that every request is kerberized and it has the DNS is must configuration.
>>>
>>> Can I have FreeIPA to run only SSH Key management with LDAP and a PKI server with dogtag?
>>>
>>> Thank you
>>> Gokul
>> You can't turn off Kerberos. You would need Kerberos for administration.
>> But other clients can take advantage of LDAP and SSH only.
>> However you are significantly limiting your functionality and capabilities.
>> Kerberos is really the key of the solution.
>>
>> What is the reason you try to avoid using it?
>>
>>
>> -- 
>> Thank you,
>> Dmitri Pal
>>
>> Sr. Engineering Manager IdM portfolio
>> Red Hat, Inc.
>> -- 
>> Manage your subscription for the Freeipa-users mailing list:
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> Go to http://freeipa.org for more info on the project


-- 
Martin Basti