Thank you for the answer.
Sory if i lack the knowledge, but why SSL is needed when using kerberos?
Kerberos is based on 3th party that is trusted, why there is a need for
public key encryption?
On Mar 19, 2014 12:24 AM, "Rob Crittenden" <> wrote:

> Genadi Postrilko wrote:
>> Hello all.
>> I'm trying to understand the use of the certificates in the
>> communication between an IPA client and server.
>> The documentation describes the retrieval of CA certificate while client
>> setup:
>> "Retrieve the CA certificate for the IdM CA"
>> And retrieval of SSL server certificate:
>> "Enable certmonger, retrieve an SSL server certificate, and install the
>> certificate in |/etc/pki/nssdb"|
>> Hat_Enterprise_Linux/6/html/Identity_Management_Guide/
>> setting-up-clients.html#what-happens-clients
>>  From my understanding the authentication in IPA environment is kerberos
>> based, therefore the client and server share a "secret" that allows the
>> user to authenticate himself to the server and vice versa.
>> Where comes the need for certificate? Some of the IPA server services
>> are not kerberized?
> Kerberos over HTTP requires SSL which is why the CA is retrieved and
> installed.
> We don't currently use the machine certificate. This was for
> future-proofing.
> rob
Freeipa-users mailing list

Reply via email to