RedHat IPA questions.

David Miller millerdc at fusion.gat.com
Mon Dec 15 23:50:53 UTC 2008


I'm in the process of evaluating RH IPA server and have run into two
problems. Before I begin, here is the setup. One vanilla RHEL 5.2
server install with IPA channel. One vanilla RHEL 5.2 desktop install
with workstation channel. Eventually I would like to have a couple of
Linux clusters and a few standalone general compute nodes use an IPA
server for enforcing password policy and authenticating users that
will only be using SSH.

1. After getting my evaluation key entered into RHN I successfully  
subscribed my RHEL5 server with the IPA sub channel and got the IPA  
server up and running. However, I could not find a sub channel to  
subscribe to for the IPA client for my RHEL 5 desktop with  
workstation. I wound up installing the RPMs from the IPA server
installation ISO through yum. What is the channel used to grab the IPA  
client packages? The desktop version of RHEL cannot subscribe to the  
IPA channel.

2. When I create a user account I cannot log into the RHEL workstation
using SSH. I must log the new account in at the console first. At the
console I'm prompted to change the password for the new account right
away. After changing the password I can log in using SSH. I like the
one-time password, but is there a way to make it work over SSH without
tying the machine they are SSHing from to the IPA server's Kerberos?
Even though the SSH works after the initial console login, what will
happen when the password is due for changing? I have people SSHing in
using all sorts of SSH clients on various operating systems. Getting
all of them to work with Kerberos just for SSH is unrealistic.

David.




