On 08/02/2011 02:15 PM, Ian Stokes-Rees wrote:
> Is there some mechanism to store private keys (e.g. ssh, pgp, gpg,
> X.509) in FreeIPA, tied to a user account, so only the user (via kerb
> token or with password prompt) can fetch the token?
>
> If FreeIPA doesn't make this possible, can anyone suggest a good
> mechanism to have, effectively, a user keystore that would sync
> passwords with FreeIPA nicely. I am thinking, in particular, of the
> scenario where users forget their password -- we'd strongly prefer to
> just reset it for them (24 hours, one login) in a way that didn't mean
> also re-issuing all passphrase-secured identity tokens.
>
Not now, however:
https://fedorahosted.org/freeipa/ticket/754
https://fedorahosted.org/freeipa/ticket/237
https://fedorahosted.org/freeipa/ticket/521

There are also some thoughts and ideas about IPA as a secure vault for other credentials in other systems which are not logged as a ticket.
Would you mind sharing with us your ideas about how this functionality actually should work? Use cases, examples and design ideas are very welcome.

> Thanks,
>
> Ian
>
>
> _______________________________________________
> Freeipa-users mailing list
> [email protected]
> https://www.redhat.com/mailman/listinfo/freeipa-users

--
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.
