On Thu, Jul 09, 2015 at 11:33:23AM +0200, Nicola Canepa wrote:
> I was trying Freeipa as an addition and (maybe) future replacement for the
> current SSO solution (custom and only for web apps).
> I was able to authenticate (via pam_exec) LDAP users on the legacy system.
> My problem is with Kerberos and FreeIPA web GUI, which don't accept LDAP
> users not created by IPA.
> I enabled migration mode in Freeipa, so that authenticated users should get
> Kerberos hash created upon first login, but I don't know how to make users
> login without creating them in advance.
> Is there a (suggested) way to let users authenticate via Kerberos and create
> users authenticated by PAM upon first login?
Create user where -- in the Web application or in FreeIPA?
Senior Principal Software Engineer, Identity Management Engineering, Red Hat
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project