[Freeipa-users] FreeIPA User Authorization Guidelines Required

Petr Vobornik pvoborni at redhat.com
Tue Dec 20 11:09:30 UTC 2016


On 12/20/2016 10:58 AM, nirajkumar.singh at accenture.com wrote:
> Hi FreeIPA Team,
> 
> We have performed installation of FreeIPA Master Server and Client Server. We 
> are successful with user creation with home directory and sudo configuration.
> 
> Regarding Authentication we have some questions:
> 
> 1. Can we implement authorized key authentication for these servers? Is there any 
> way in FreeIPA we can automate the ppk key generation for each individual user?

FreeIPA/IdM supports central management of public SSH keys:
 https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/user-keys.html

> 
> 2. If not automated key generation, what are the possible ways for more secure 
> authentication other than password authentication?

It supports Two Factor Authentication via integrated OTP support or
a third-party RADIUS server:

OTP:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/otp.html

RADIUS proxy:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/otp.html#migrating-proprietary-otp

> 
> Thanks and Regards,
> 
> Niraj Kumar Singh
> 
> Mobile: +91-9663212985
> 
> Email: nirajkumar.singh at accenture.com


-- 
Petr Vobornik