[Freeipa-users] FreeIPA User Authorization Guidelines Required
Petr Vobornik
pvoborni at redhat.com
Tue Dec 20 11:09:30 UTC 2016
On 12/20/2016 10:58 AM, nirajkumar.singh at accenture.com wrote:
> Hi FreeIPA Team,
>
> We have performed installation of FreeIPA Master Server and Client Server. We
> are successful with user creation with home directory and sudo configuration.
>
> Regarding Authentication we have some questions:
>
> 1.Can we implement authorized key authentication for these servers. Is there any
> way in FreeIPA we can automate the ppk key generation for each individual user?
FreeIPA/IdM supports central management of public SSH keys:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/user-keys.html
>
> 2.If Not Automated key generation what are the possible ways for more secured
> authentication other than password authentication?
It supports Two Factor Authentication via integrated OTP support or
third party RADIUS server:
OTP:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/otp.html
RADIUS proxy:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/otp.html#migrating-proprietary-otp
>
> Thanks and Regards,
>
> Niraj Kumar Singh
>
> Mobile: +91-9663212985
>
> Email: nirajkumar.singh at accenture.com <mailto:nirajkumar.singh at accenture.com>
>
>
> --------------------------------------------------------------------------------
>
> This message is for the designated recipient only and may contain privileged,
> proprietary, or otherwise confidential information. If you have received it in
> error, please notify the sender immediately and delete the original. Any other
> use of the e-mail by you is prohibited. Where allowed by local law, electronic
> communications with Accenture and its affiliates, including e-mail and instant
> messaging (including content), may be scanned by our systems for the purposes of
> information security and assessment of internal compliance with Accenture policy.
> ______________________________________________________________________________________
>
> www.accenture.com
>
>
>
--
Petr Vobornik
More information about the Freeipa-users
mailing list