As far as option D goes I'm now starting to understand IPA makes a distinction between a password and Kerberos keys. If you don't set a password, but use ipa-getkeytab followed by ipa user-show the "Kerberos keys available" attribute changes from Fasle to True, but "Password" remains False. The web GUI doesn't seem to show whether keys were deployed for user accounts and I was expecting to see some indication that I had used ipa-getkeytab, but now see I can only tell using the command line. Can a user have a separate random key as well as a known plain text password simultaneously? Does the krblastpwdchange apply to both password and keys or do keys never expire? _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
[Freeipa-users] Re: Service Account vs System Account vs User Account
Ryan Slominski via FreeIPA-users Tue, 30 Oct 2018 07:28:26 -0700
- [Freeipa-users] Service Account vs Sys... Ryan Slominski via FreeIPA-users
- [Freeipa-users] Re: Service Accou... Alexander Bokovoy via FreeIPA-users
- [Freeipa-users] Re: Service A... Ryan Slominski via FreeIPA-users
- [Freeipa-users] Re: Servi... Alexander Bokovoy via FreeIPA-users
- [Freeipa-users] Re: S... Ryan Slominski via FreeIPA-users