RedHat IPA questions.
David Miller
millerdc at fusion.gat.com
Mon Dec 15 23:50:53 UTC 2008
I'm in the process of evaluating RH IPA server and have run into two
problems. Before I begin here is the setup. One vanilla RHEL 5.2
server install with IPA channel. One vanilla RHEL 5.2 desktop install
with workstation channel. Eventually I would like to have a couple of
Linux clusters and a few stand alone general compute nodes use an IPA
server for enforcing password policy and authenticating users that
will only be using SSH.
1. After getting my evaluation key entered into RHN I successfully
subscribed my RHEL5 server with the IPA sub channel and got the IPA
server up and running. However, I could not find a sub channel to
subscribe to for the IPA client for my RHEL 5 desktop with
workstation. I wound up installing the RPM's from the IPA server
installation ISO through yum. What is the channel used to grab the IPA
client packages? The desktop version of RHEL cannot subscribe to the
IPA channel.
2. When I create a user account I cannot log into the RHEL workstation
using SSH. I must log the new account in at the console first. At the
console I'm prompted to change the password for the new account right
away. After changing the password I can login using SSH. I like the
one time password but is there a way to make it work over SSH without
tying the machine they are SSHing from to the IPA server's kerberos?
Even though the SSH works after the initial console login what will
happen when the password is due for changing? I have people SSHing in
using all sorts of SSH clients on various operating systems. Getting
all of them to work with kerberos just for SSH is unrealistic.
David.
More information about the redhat-list
mailing list