On 06/04/2012 09:28 AM, Kline, Sara wrote: > Some of my users have expressed concerns about moving to FreeIPA because > they prefer to use SSH. The main reason behind that is because they can > use agent forwarding and only have to sign on once. I did find > information on forwardable Kerberos tickets, kinit –f. Has anyone used > this in place of SSH keys, or do you have other suggestions? There are a > few service accounts scripted to work with SSH keys so we may have to > leave a few local accounts on the servers. I don’t particularly like > that idea. > > > > Sara Kline > > System Administrator > > Transaction Network Services, Inc > > 4501 Intelco Loop, Lacey WA 98503 > > Wk: (360) 493-6736 > > Cell: (360) 280-2495 > > > >
Kerberos works just fine in place of SSH keys, I have been using it for years now. As well, and I am sure others can provide more details, but I believe the version 3 release of FreeIPA manages host and user SSH keys, so I imagine with that you can use either or, though I am a kerb purist. -Erinn _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users