On 08/02/2011 02:15 PM, Ian Stokes-Rees wrote:
> Is there some mechanism to store private keys (e.g. ssh, pgp, gpg,
> X.509) in FreeIPA, tied to a user account, so only the user (via kerb
> token or with password prompt) can fetch the token?
> If FreeIPA doesn't make this possible, can anyone suggest a good
> mechanism to have, effectively, a user keystore that would sync
> passwords with FreeIPA nicely. I am thinking, in particular, of the
> scenario where users forget their password -- we'd strongly prefer to
> just reset it for them (24 hours, one login) in a way that didn't mean
> also re-issuing all passphrase-secured identity tokens.
Not now, however:
There are also some thoughts and ideas about IPA as a secure vault for
other credentials in other systems, which are not logged as a ticket.
Would you mind sharing with us your ideas about how this functionality
actually should work?
Use cases, examples and design ideas are very welcome.
> Freeipa-users mailing list
Sr. Engineering Manager IPA project,
Red Hat Inc.