On 04/08/2015 11:31 AM, Andrey Ptashnik wrote:
> I know that FreeIPA server supports management of public keys for each
> user and it is a very convenient feature.

First of all, IPA does not support user certs yet. It supports SSH public
keys if this is what you are referring to.

> Is there any possible way to manage private keys as well, including
> features like re-issuing the key pair if it gets compromised?

I am not sure how you envision the management aspect.
If a private key gets compromised you need to generate a new private
key and upload your public key to IPA (if we are talking about SSH) or
use the CA to sign a CSR if we are talking about certs that will be
supported for users in 4.2.
The only management for private keys that one can envision is being able
to escrow them.
IPA will provide a vault facility for that matter in 4.2.
What other use cases do you have in mind?
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.