On 04/06/12 18:28, Kline, Sara wrote:
> Some of my users have expressed concerns about moving to FreeIPA because they prefer to use SSH. The main reason behind that is because they can use agent forwarding and only have to sign on once. I did find information on forwardable Kerberos tickets, kinit -f. Has anyone used this in place of SSH keys, or do you have other suggestions? There are a few service accounts scripted to work with SSH keys so we may have to leave a few local accounts on the servers. I don't particularly like that idea.

Hi Sara,

The big difference here is your users will see this as you taking something away from them. Yes, Kerberos tickets will work perfectly in this situation; I do this myself. The issue you need to be aware of is that they will expire, as they should. An SSH key is nothing more than bypassing an authentication process.

I would recommend using centralized service accounts in place of more local accounts, as this way you will always be able to manage them in the future.

Does this help?

> Sara Kline
> System Administrator
> Transaction Network Services, Inc
> 4501 Intelco Loop, Lacey WA 98503
> Wk: (360) 493-6736
> Cell: (360) 280-2495
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
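
The forwardable-ticket approach discussed in this thread, as an added example that is not part of the original messages: a shell check that the TGT in the credential cache carries the forwardable flag before relying on it for single sign-on across SSH hops. The `klist -f` samples are constructed, the function names are hypothetical, and MIT Kerberos output format is assumed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes MIT Kerberos `klist -f` output,
# where each ticket is followed by a "Flags: ..." field (F = forwardable).

# Reads `klist -f` output on stdin; succeeds only if a krbtgt entry has F.
tgt_is_forwardable() {
    awk '
        /krbtgt\//  { in_tgt = 1; next }   # ticket-granting ticket line
        /^[0-9]/    { in_tgt = 0 }         # some other ticket line
        in_tgt && match($0, /Flags: [A-Za-z]+/) {
            flags = substr($0, RSTART + 7, RLENGTH - 7)
            if (index(flags, "F")) ok = 1  # case-sensitive: "f" means forwarded
            in_tgt = 0
        }
        END { exit(ok ? 0 : 1) }
    '
}

# Constructed sample: cache as it looks after `kinit -f`.
SAMPLE_FORWARDABLE='Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: user@EXAMPLE.COM

Valid starting     Expires            Service principal
06/04/12 18:30:00  06/05/12 18:30:00  krbtgt/EXAMPLE.COM@EXAMPLE.COM
        renew until 06/11/12 18:30:00, Flags: FRIA'

# Constructed sample: TGT without the forwardable flag, nothing to delegate.
SAMPLE_PLAIN='Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: user@EXAMPLE.COM

Valid starting     Expires            Service principal
06/04/12 18:30:00  06/05/12 18:30:00  krbtgt/EXAMPLE.COM@EXAMPLE.COM
        renew until 06/11/12 18:30:00, Flags: RIA'

report() {  # $1 = label, $2 = klist -f output
    if printf '%s\n' "$2" | tgt_is_forwardable; then
        echo "$1: TGT is forwardable"
    else
        echo "$1: TGT is not forwardable, re-run kinit -f"
    fi
}

report "kinit -f" "$SAMPLE_FORWARDABLE"
report "kinit"    "$SAMPLE_PLAIN"
```

With a forwardable TGT, OpenSSH passes it to the next host when the client uses `ssh -K` (or `GSSAPIAuthentication yes` with `GSSAPIDelegateCredentials yes` in `ssh_config`) and the server's `sshd_config` has `GSSAPIAuthentication yes`.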