Brian Topping wrote:
Hi I was just looking at 
and was trying to do some self-service to see when it might get scheduled. 
Unless I am mistaken, it doesn't even seem to exist in the backlog. Is that 

The reason I started to look at this again is I have been getting persistent 
password cracking attacks against public endpoints such as IMAP and SMTP. 
Client certificates would be an ideal solution and would work with mobile 
devices as well. I know many are using host certificates for this kind of 
thing, but it seems like there would be leakage if a user account were disabled 
and the respective hosts were not.

Most of the developers here use OS X, although maybe that needs to be 
revisited. I opened issue 21908279 on to see if we 
could get any traction on making easier, but is a black hole and not much escapes.

Anyway, I thought these use cases might be interesting to others and it seems 
client certs are a great way to solve the problem. Would love to hear how 
others have solved these issues!

Cheers, Brian

It is in FreeIPA 4.2:


Manage your subscription for the Freeipa-users mailing list:
Go to for more info on the project

Reply via email to