On Mon, Mar 15, 2021 at 4:31 PM Rob Crittenden <[email protected]> wrote:
> Robert Kudyba wrote: > > I'd like to provide an update. I can get ssh -k to work but here's what > > I had to do: > > 1. I had to run ipa-client-install on another server/computer > > 2. I ran kinit [email protected] <mailto:[email protected]> > > 3. I could then run ssh -k [email protected] > > <mailto:[email protected]> and automatically logged in without > > needing to enter a password. > > > > My question is, how does this scale to users, i.e., in our case, > > students, who are all over the world using their own laptops? Does every > > user client, i.e., computer, need to run ipa-client-install? Am I > > missing something? > > It depends on what the expectations are for these user-owned machines. > Only expectation is to be able to log in to a server, get access to their home directory and be able to do their assignments, e.g., C++, Java or Python programming. > If you don't need IPA identities and IPA users won't log into them, then > they only need a working krb5.conf and DNS configured on them. > So each device needs to drop in the krb5.conf file from the FreeIPA server? How does this work on a Windows client? > So your students would log into their own controlled machine using their > own local account, kinit [email protected] and ssh using their > credentials. > > The krb5.conf will tell the student machine how to contact the KDC. > That's all that is necessary (beyond working DNS). I just tried this on another Fedora 33 workstation, dropped in the /etc/krb5.conf file and all I get is: kinit: No KCM server found while getting default ccache I'm puzzled as to what we'd need to tell/provide to a student, who is enrolled remotely and can't come on campus, to be able to connect to our server via their Windows or Mac laptop.
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
