[Freeipa-users] Actions for a stolen/compromised IPA Client
Paessens, Daniel
daniel.paessens at hpe.com
Wed Nov 16 09:04:52 UTC 2016
Currently am I looking for a workable solution for the following situation:
Let's say that an ipa client has been stolen (or compromised). What can we do to block all access from it, towards IPA (and rest)
For example if we use the command "ipa host-disable" it's noticed that IPA users are no longer able to login into the system. But if you log into the system as root. Then you can still run (successfully) the command kinit, and optain a ticket for it.
Even if you delete the host from the directory, the behavior remains the same.
Can this anyhow be blocked.
Regards,
Daniel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20161116/9e22bfed/attachment.htm>
More information about the Freeipa-users
mailing list