On Thu, Aug 29, 2013 at 10:04:43PM -0400, Rob Crittenden wrote:
> Michał Dwużnik wrote:
> >Sorry for quick continuation...
> >
> >Certificate added to nss DB in /etc/pki
> >certutil -A -d /etc/pki/ -n "IPA CA" -t CT,C,C -a -i pki/ca.crt
> >
> >sssd configured according to
> >http://docs.fedoraproject.org/en-US/Fedora/17/html/FreeIPA_Guide/linux-manual.html
> >
> >How do I test now, before changing PAM options that the pieces fit together?
> Perhaps exercise nss with:
> % id admin
> % getent passwd admin
> % getent group admin
> You can substitute admin for any IPA user or group.
> And really you can skip the cert step if you want. Unless you have
> something that will use it we put a cert on the system as a
> convenience right now. There isn't currently anything using it by
> default.
> rob

On the client, one piece of functionality where you need the cert are
password migrations from LDAP to IPA. I don't think that's your case,

Freeipa-users mailing list

Reply via email to