[Spacewalk-list] Installing spacewalk with a freeipa server
James Hogarth
james.hogarth at gmail.com
Tue Nov 20 09:54:54 UTC 2012
> I want to install spacewalk with freeIPA and wondered whether anyone has
> done that yet, or has any hints/resources. I have installed spacewalk
> before a few times, but standalone.
>
>
To my knowledge you still need to configure the users locally (at least I
do) since you need to be able to assign them channel permissions etc...
In /etc/rhn/rhn.conf you will need:
pam_auth_service = rhn-satellite
That defines the service name for pam...
In /etc/pam.d/rhn-satellite this will pass the authentication to SSSD which
will then handle the rest:
auth required pam_env.so
auth sufficient pam_sss.so
auth required pam_deny.so
account sufficient pam_sss.so
account required pam_deny.so
Don't forget to put a rhn-satellite service in place for policies if you
are using HBAC to limit access to services from users (my admins have a
default allow all services ... so will vary by site).
I've not popped a IPA signed certificate for the HTTPS service of spacewalk
but it should be pretty trivial to do...
On your clients don't forget to add the CA certificate for IPA
to /etc/pki/tls/certs/ca-bundle.crt and any java keystores you are using as
well.
If you need more help when I have some more time I can assist more later...
James
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20121120/3d8e70e4/attachment.htm>
More information about the Spacewalk-list
mailing list