On 04/08/2015 11:31 AM, Andrey Ptashnik wrote:
Hello Team,

I know that FreeIPA server supports management of public keys for each user and it is a very convenient feature.

First of all, IPA does not support user certs yet. It supports SSH public keys, if this is what you are referring to.

Is there any possible way to manage private keys as well, including features like re-issuing the key pair if it gets compromised?

I am not sure how you envision the management aspect.
If a private key gets compromised, you need to generate a new private key and upload your public key to IPA (if we are talking about SSH) or use a CA to sign a CSR if we are talking about certs that will be supported for users in 4.2.

The only management for private keys that one can envision is being able to escrow them.
IPA will provide a vault facility for that matter in 4.2.

What other use cases do you have in mind?


Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project
