[Freeipa-users] Switch sudoers to IPA

Jakub Hrozek jhrozek at redhat.com
Thu Mar 2 15:10:07 UTC 2017


On Thu, Mar 02, 2017 at 07:09:41PM +0530, deepak dimri wrote:
> Hi List,
> 
> I have sudo and normal users accessing Linux systems using their private
> key without IPA. I have IPA fully functioning and now I want to switch the
> users from local file login to IPA.
> 
> Any new user I create in IPA can SSH into IPA client jump boxes fine. I
> want to know how I can migrate existing local sudoers users to IPA.  This
> is what I have done to achieve this:
> 
> 1 - Created a new user in IPA with the same name as I have in the jumpbox.
> 2 - Added the public key of that user in IPA.
> 3 - Added the user to jumpbox_usergroup as my sshd.conf forces the users of
> this group to authenticate against PAM/SSSD.
> 
> Now when I try to SSH into the jumpbox as I was doing before, I still log
> into the jumpbox via Unix PAM and not IPA.  What should I be doing so that
> the "existing" local Unix users can log in via IPA?

But do you need to keep the local users around? Why not create the IPA
user with the same UID as the local user and remove the local user?

Typically, if there is a user both in the local files and a remote
source, the system (as configured in nsswitch.conf) would first return
the local user and the PAM stack then only authenticates this user using
pam_unix.so
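
The lookup-order effect described in the reply above, as an added example that is not part of the original message: it reads the `passwd:` line of nsswitch.conf, finds logins present in both the local files and IPA, and reports whether the UIDs already match so the local entry can be removed. The sample nsswitch.conf line, the passwd entries and the function names are constructed for illustration.

```python
import re

# Constructed sample inputs (not from the thread).
NSSWITCH = "passwd:     files sss\nshadow:     files sss\n"
LOCAL_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001::/home/alice:/bin/bash
bob:x:1002:1002::/home/bob:/bin/bash
"""
# Same format as `getent -s sss passwd <login>` output, one lookup per line.
IPA_PASSWD = """\
alice:*:1001:1001:Alice A:/home/alice:/bin/bash
bob:*:1750000004:1750000004:Bob B:/home/bob:/bin/bash
carol:*:1750000005:1750000005:Carol C:/home/carol:/bin/bash
"""

def passwd_sources(nsswitch_text):
    """Ordered NSS sources on the 'passwd:' line, e.g. ['files', 'sss']."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("passwd:"):
            # Drop action items such as [NOTFOUND=return]; keep source names.
            return re.sub(r"\[[^\]]*\]", " ", line.split(":", 1)[1]).split()
    return []

def parse_passwd(text):
    """Map login -> UID from passwd(5)-format lines."""
    rows = (l.split(":") for l in text.splitlines() if l and not l.startswith("#"))
    return {f[0]: int(f[2]) for f in rows if len(f) >= 7}

def migration_plan(nsswitch_text, local_text, ipa_text):
    """For each login present in both sources, report which entry wins and why."""
    src = passwd_sources(nsswitch_text)
    local_wins = "files" in src and ("sss" not in src or src.index("files") < src.index("sss"))
    local, ipa = parse_passwd(local_text), parse_passwd(ipa_text)
    plan = {}
    for login in sorted(local.keys() & ipa.keys()):
        if not local_wins:
            plan[login] = "IPA entry already wins"
        elif local[login] == ipa[login]:
            plan[login] = "shadowed by local entry; UIDs match, remove local user"
        else:
            plan[login] = (f"shadowed by local entry; UID {local[login]} != "
                           f"{ipa[login]}, align the IPA UID before removing local user")
    return plan

if __name__ == "__main__":
    for login, action in migration_plan(NSSWITCH, LOCAL_PASSWD, IPA_PASSWD).items():
        print(f"{login}: {action}")
```

A UID mismatch matters because files on the jumpbox stay owned by the old numeric UID after the local account is removed.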



