Oh wow, thanks guys! Will watch for it to show up in the CentOS repos!

best, Brian

> On Jul 20, 2015, at 16:44, Rob Crittenden <rcrit...@redhat.com> wrote:
> 
> Brian Topping wrote:
>> Hi I was just looking at 
>> http://www.freeipa.org/page/User_certificate_use_cases and was trying to do 
>> some self-service to see when it might get scheduled. Unless I am mistaken, 
>> it doesn't even seem to exist in the backlog. Is that intentional?
>> 
>> The reason I started to look at this again is I have been getting persistent 
>> password cracking attacks against public endpoints such as IMAP and SMTP. 
>> Client certificates would be an ideal solution and would work with mobile 
>> devices as well. I know many are using host certificates for this kind of 
>> thing, but it seems like there would be leakage if a user account were 
>> disabled and the respective hosts were not.
>> 
>> Most of the developers here use OS X, although maybe that needs to be 
>> revisited. I opened issue 21908279 on https://bugreport.apple.com to see if 
>> we could get any traction on making 
>> http://linsec.ca/Using_FreeIPA_for_User_Authentication easier, but 
>> bugreport.apple.com is a black hole and not much escapes.
>> 
>> Anyway, I thought these use cases might be interesting to others and it 
>> seems client certs are a great way to solve the problem. Would love to hear 
>> how others have solved these issues!
>> 
>> Cheers, Brian
> 
> It is in FreeIPA 4.2: 
> https://www.redhat.com/archives/freeipa-interest/2015-July/msg00002.html
> 
> rob

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to