On Tue, 24 Sep 2013, Alexandre Ellert wrote:
I've successfully setup a testing environment with an IPA server (RHEL 6.4) and
a cross realm trust with my Active Directory (Win2008 R2).
Authentication works both with AD passwords and Kerberos GSS-API.
Now, I'm trying to find the way to manage ssh key which belong to AD
users. It seems that I can do that only with users declared on IPA
domain. Can you confirm that ?
Yes. AD users do not exist physically in IPA LDAP, therefore there is no
object to assign attributes into.
Does winsync method provide a way to add ssh key to an AD user ?
Under winsync AD users would become 'normal' LDAP objects in IPA,
therefore you can assign additional values/attributes to them.
/ Alexander Bokovoy
Freeipa-users mailing list