[Freeipa-users] FreeIPA User Authorization Guidelines Required

Wed Dec 21 09:39:29 UTC 2016

Hi Petr,

Is there any way to automatically create .PPK and Public ssh key for new users created?

Thanks,
Niraj Kumar

-----Original Message-----
From: Petr Vobornik [mailto:pvoborni at redhat.com]
Sent: 20 December 2016 16:40
To: Singh, NirajKumar <nirajkumar.singh at accenture.com>; freeipa-users at redhat.com
Cc: Morikawa, Hirofumi <hirofumi.morikawa at accenture.com>
Subject: Re: [Freeipa-users] FreeIPA User Authorization Guidelines Required

On 12/20/2016 10:58 AM, nirajkumar.singh at accenture.com wrote:
> Hi FreeIPA Team,
>
> We have performed installation of FreeIPA Master Server and Client
> Server. We are successful with user creation with home directory and sudo configuration.
>
> Regarding Authentication we have some questions:
>
> 1.Can we implement authorized key authentication for these servers. Is
> there any way in FreeIPA we can automate the ppk key generation for each individual user?

FreeIPA/IdM supports central management of public SSH keys:
 https://urldefense.proofpoint.com/v2/url?u=https-3A__access.redhat.com_documentation_en-2DUS_Red-5FHat-5FEnterprise-5FLinux_7_html_Linux-5FDomain-5FIdentity-5FAuthentication-5Fand-5FPolicy-5FGuide_user-2Dkeys.html&d=DgIC-g&c=eIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK8IrwNKOtkVU&r=J_tjNpkwndknzRvQ2_H1bSGILs8ve3v6B5UQit18NC0&m=tfQVRIRjW-wT95LvX5PLzw9edRibMixUTKVUIIwijLE&s=ldieGGgCFsQtjTOIEa7mxR1OkAz88yCH_8Pw_lbwyhw&e=

>
> 2.If Not Automated key generation what are the possible ways for more
> secured authentication other than password authentication?

It supports Two Factor Authentication via integrated OTP support or third party RADIUS server:

OTP:
https://urldefense.proofpoint.com/v2/url?u=https-3A__access.redhat.com_documentation_en-2DUS_Red-5FHat-5FEnterprise-5FLinux_7_html_Linux-5FDomain-5FIdentity-5FAuthentication-5Fand-5FPolicy-5FGuide_otp.html&d=DgIC-g&c=eIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK8IrwNKOtkVU&r=J_tjNpkwndknzRvQ2_H1bSGILs8ve3v6B5UQit18NC0&m=tfQVRIRjW-wT95LvX5PLzw9edRibMixUTKVUIIwijLE&s=nPIf9X-15LZzI5un06oWEsFYIkL8kU2LcxbsS4G6JyU&e=

RADIUS proxy:
https://urldefense.proofpoint.com/v2/url?u=https-3A__access.redhat.com_documentation_en-2DUS_Red-5FHat-5FEnterprise-5FLinux_7_html_Linux-5FDomain-5FIdentity-5FAuthentication-5Fand-5FPolicy-5FGuide_otp.html-23migrating-2Dproprietary-2Dotp&d=DgIC-g&c=eIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK8IrwNKOtkVU&r=J_tjNpkwndknzRvQ2_H1bSGILs8ve3v6B5UQit18NC0&m=tfQVRIRjW-wT95LvX5PLzw9edRibMixUTKVUIIwijLE&s=2BLd2lichlzyifLuvJw2eNEtVghd0SYlGtO9P2vxsCk&e=

>
> Thanks and Regards,
>
> Niraj Kumar Singh
>
> Mobile: +91-9663212985
>
> Email: nirajkumar.singh at accenture.com
> <mailto:nirajkumar.singh at accenture.com>
>
>
> ----------------------------------------------------------------------
> ----------
>
> This message is for the designated recipient only and may contain
> privileged, proprietary, or otherwise confidential information. If you
> have received it in error, please notify the sender immediately and
> delete the original. Any other use of the e-mail by you is prohibited.
> Where allowed by local law, electronic communications with Accenture
> and its affiliates, including e-mail and instant messaging (including
> content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy.
> ______________________________________________________________________
> ________________
>
> www.accenture.com
>
>
>

--
Petr Vobornik

________________________________

This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy.
______________________________________________________________________________________

www.accenture.com