[Freeipa-users] Account/password expirations
Prasun Gera
prasun.gera at gmail.com
Mon May 2 00:14:35 UTC 2016
It turns out that this was a permissions issue. Everything works now.
Thanks.
On Sat, Apr 30, 2016 at 11:26 PM, Prasun Gera <prasun.gera at gmail.com> wrote:
> Ah, this doesn't work on ubuntu (14.04). The command itself works, but
> sshd on ubuntu isn't probably compiled with support for this although I see
> "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys" in sshd_config. I
> don't think the freeipa/sssd ppas package sshd. Any way to get this working
> on ubuntu 14.04 ?
>
> On Fri, Apr 29, 2016 at 12:30 PM, Anon Lister <listeranon at gmail.com>
> wrote:
>
>> Yep sorry I missed that. You need to put your public keys in IPA.
>> On Apr 29, 2016 3:32 AM, "Jakub Hrozek" <jhrozek at redhat.com> wrote:
>>
>> On Thu, Apr 28, 2016 at 09:14:48PM -0400, Prasun Gera wrote:
>> > >
>> > > Your can still authenticate with SSH keys, but to access any NFS 4
>> shares
>> > > they will need a Kerberos ticket, which can be obtained via a 'kinit'
>> after
>> > > logging in.
>> > >
>> >
>> > Then how does the key authentication work if the .ssh directory on nfs4
>> is
>> > not accessible ? Doesn't the key authentication process rely on
>> > .ssh/authorized keys being readable by the authentication module ?
>>
>> SSSD can fetch the authorized keys from IPA, see man
>> sss_ssh_authorizedkeys(1)
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160501/668cf302/attachment.htm>
More information about the Freeipa-users
mailing list