Andrey Ptashnik wrote: > Hello Team, > > I know that FreeIPA server supports management of public keys for each > user and it is a very convenient feature. > Are there any possible way to manage private keys as well including > features like re-issuing the key pair if it gets compromised?
I assume you mean SSH keys. IPA doesn't issue keys, so re-issuing is out and AFAIK no plans to do this. There are plans for a Key Recovery vault which can store a private key, see https://fedorahosted.org/freeipa/ticket/3872 . This doesn't help in the case of compromise but it does mean that keys aren't lost. rob -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project