On 03/25/2015 02:03 PM, Rob Crittenden wrote: > Steve (st33v) Neuharth wrote: >> Hello, >> >> I hope this is an easy question to answer and forgive me if it has been >> answered before. I’ve read through the documentation on how to request an >> ssl cert and I cannot seem to find a process to request a client cert for a >> user. >> >> It seems that all certificates are linked to a kerberos service principal. >> If I’m creating a cert for a user entity, for a VPN client for example, how >> to I link the cert to an actual user account? >> >> thanks for your help, >> —steve >> > > IPA doesn't currently support certificates for users. Policies for > service certificates are easy. Policies for user certificates are often > more complex. > > It is being worked on.
Yup, it should be a FreeIPA 4.2 feature. Please feel free to track https://fedorahosted.org/freeipa/ticket/4938 Would you be interested to eventually trying some Alpha/Beta version of this functionality, to warn us about any potential problems of this feature in this setup? (We are not there yet, just looking if there is an interest) -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project