On (02/06/15 15:25), nat...@nathanpeters.com wrote:
>I am running FreeIPA 4.1.3 on CentOS 7 for the server and on the client is
>CentOS 6.5 with client 3.0.0-42 (sssd 1.11.6-30).
>I have created a user in FreeIPA and he has access to a server through
>HBAC rules.  This user has created a public / private keypair and uploaded
>the public key from his personal machine to the IPA server so it shows up
>in his user record.  The record was saved and he successfully logged into
>the IPA client using the keys.
>According to the docs here (Yes, I know it's a little old but I could not
>find any newer info that conflicted with this) :
As you already noticed, it is quite old documentation.

>2.Stores the user key in a custom file, .ssh/sss_authorized_keys, in the
>standard authorized keys format.
There's a bug in the documentation.

>However, when he logs in, there is no sss_authorized_keys file created and
>as far as I can tell, the key is never cached in his account.
The better test would be to authenticate with ssh keys online,
so they can be fetched from FreeIPA,
then block the connection to FreeIPA (simulate an offline state)
and re-test one more time.

>How do I get the keys to actually save on login like the manual says?
Keys are already cached in a different file, /var/lib/sss/pubconf/known_hosts.
See the rhel7 documentation [1].

The rhel7 documentation [1] should contain valid and recent information.
If you find any issues, please report them.


