[Spacewalk-list] Installing spacewalk with a freeipa server

[James Hogarth]

> I want to install spacewalk with freeIPA and wondered whether anyone has
> done that yet, or has any hints/resources. I have installed spacewalk
> before a few times, but standalone.
>
>
To my knowledge you still need to configure the users locally (at least I
do) since you need to be able to assign them channel permissions etc...

 In /etc/rhn/rhn.conf you will need:

pam_auth_service = rhn-satellite

That defines the service name for pam...

In /etc/pam.d/rhn-satellite this will pass the authentication to SSSD which
will then handle the rest:

auth        required      pam_env.so
auth        sufficient    pam_sss.so
auth        required      pam_deny.so
account     sufficient    pam_sss.so
account     required      pam_deny.so

Don't forget to put a rhn-satellite service in place for policies if you
are using HBAC to limit access to services from users (my admins have a
default allow all services ... so will vary by site).

I've not popped a IPA signed certificate for the HTTPS service of spacewalk
but it should be pretty trivial to do...

On your clients don't forget to add the CA certificate for IPA
to /etc/pki/tls/certs/ca-bundle.crt and any java keystores you are using as
well.

If you need more help when I have some more time I can assist more later...

James
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20121120/3d8e70e4/attachment.htm>