On 08/02/2011 02:15 PM, Ian Stokes-Rees wrote:
> Is there some mechanism to store private keys (e.g. ssh, pgp, gpg,
> X.509) in FreeIPA, tied to a user account, so only the user (via kerb
> token or with password prompt) can fetch the token?
>
> If FreeIPA doesn't make this possible, can anyone suggest a good
> mechanism to have, effectively, a user keystore that would sync
> passwords with FreeIPA nicely.  I am thinking, in particular, of the
> scenario where users forget their password -- we'd strongly prefer to
> just reset it for them (24 hours, one login) in a way that didn't mean
> also re-issuing all passphrase-secured identity tokens.
>

Not now however:
https://fedorahosted.org/freeipa/ticket/754
https://fedorahosted.org/freeipa/ticket/237
https://fedorahosted.org/freeipa/ticket/521

There are also some thoughts and ideas about IPA as a secure vault for
other credentials in other systems which is not logged as a ticket.


Would you mind sharing with us your ideas about this functionality
actually should work?
Use cases, examples and design ideas are very welcome.



> Thanks,
>
> Ian
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to