On 8/3/11 4:47 AM, Ondrej Valousek wrote: Maybe stupid question, but I have to ask: If you only work in a single administrative domain, this is fine. I am constantly accessing systems all over the US, and internationally, and the use of ssh-key-based authentication allows me to do this without continuous password prompts. In fact, on many of the systems I can *only* access them by ssh-key. Being able to hold those keys in central keystore like FreeIPA with a single passphrase, and the ability for an administrator to reset that passphrase, is very desirable for me and for the other users of the systems I'm a part of. Resetting key-based access control if the private key passphrase is lost is always a nuisance. Ian |
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users