RedHat IPA questions.
Naju ....
najum.c at gmail.com
Wed Dec 17 17:30:38 UTC 2008
On Tue, Dec 16, 2008 at 5:20 AM, David Miller <millerdc at fusion.gat.com>wrote:
>
> I'm in the process of evaluating RH IPA server and have run into two
> problems. Before I begin here is the setup. One vanilla RHEL 5.2 server
> install with IPA channel. One vanilla RHEL 5.2 desktop install with
> workstation channel. Eventually I would like to have a couple of Linux
> clusters and a few stand alone general compute nodes use an IPA server for
> enforcing password policy and authenticating users that will only be using
> SSH.
>
> 1. After getting my evaluation key entered into RHN I successfully
> subscribed my RHEL5 server with the IPA sub channel and got the IPA server
> up and running. However, I could not find a sub channel to subscribe to for
> the IPA client for my RHEL 5 desktop with workstation. I wound up installing
> the RPM's from the IPA server installation ISO through yum. What is the
> channel used to grab the IPA client packages? The desktop version of RHEL
> cannot subscribe to the IPA channel.
>
> 2. When I create a user account I cannot log into the RHEL workstation
> using SSH. I must log the new account in at the console first. At the
> console I'm prompted to change the password for the new account right away.
> After changing the password I can login using SSH. I like the one time
> password but is there a way to make it work over SSH without tying the
> machine they are SSHing from to the IPA server's kerberos? Even though the
> SSH works after the initial console login what will happen when the password
> is due for changing? I have people SSHing in using all sorts of SSH clients
> on various operating systems. Getting all of them to work with kerberos just
> for SSH is unrealistic.
Try setting "ChallengeResponseAuthentication" to yes in the
/etc/ssh/sshd_config file.
>
> David.
>
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
--
Cheers
Najmuddin
More information about the redhat-list
mailing list