On 3/25/19 2:16 AM, William Brown wrote:
> * To servers
> 
> Use SSH key distribution in LDAP via SSSD.

Or better use (temporary) OpenSSH certificates.

> Finally, it is my personal opinion (IE not the opinion of the project
> or my employer) that Kerberos should be avoided as it introduces
> complexity, fragility and high risk of lateral movement attacks.

Full ack.

Ciao, Michael.
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
