Is there some mechanism to store private keys (e.g. ssh, pgp, gpg,
X.509) in FreeIPA, tied to a user account, so only the user (via kerb
token or with password prompt) can fetch the token?

If FreeIPA doesn't make this possible, can anyone suggest a good
mechanism to have, effectively, a user keystore that would sync
passwords with FreeIPA nicely.  I am thinking, in particular, of the
scenario where users forget their password -- we'd strongly prefer to
just reset it for them (24 hours, one login) in a way that didn't mean
also re-issuing all passphrase-secured identity tokens.



<<attachment: ijstokes.vcf>>

Freeipa-users mailing list

Reply via email to