[Freeipa-users] Setting sssd for webui
Sebastien Julliot
julliot at ljll.math.upmc.fr
Fri Nov 4 14:09:50 UTC 2016
Hello everyone,
As I explained you some time ago, I have been skirting the ipa's
limitation to setting pre-hashed passwords by using ldappasswd. (I know
you guys think it's wrong. In this case the hashes come from an other
ldap which, for intern reasons, we can not synchronize with otherwise
than by frequent ldif extractions. So it's the only solution to have
unified passwords)
To have the kerberos key generated, I can ask the users to do an
ldapsearch or to ssh on a machine with sssd enabled.
Yet, as most users will mainly want to use the WebUi, I am looking for a
way to have them able to connect to it without needing to do an
ldapsearch first.
To be precise, I set the userPassword field using ldappasswd, and delete
the krbprincipalkey.
Do you see any way to make the webui directly authenticable ?
Thanks,
Sebastien Julliot.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20161104/89e46b74/attachment.sig>
More information about the Freeipa-users
mailing list