>> - Users can't login to a Linux box using just "username" (firstname.lastname@example.org
> In the current version you can use the 'default_domain_suffix' option in
> sssd.conf on the clients. In RHEL-7.4 we are looking into making this
> limitation go away.
Thank you very much, Jakub. That is helpful information! Are you saying that
there will basically be a domain search order or something for users that login
without specifying a domain?
Back to the community as a whole, regarding these other items:
> - Since AD trust users don't show up in FreeIPA web UI users can't login
> to manage their own SSH keys
After doing some additional thinking/researching I realized that SSH keys
become largely irrelevant because of GSSAPI (Dmitri Pal posed this question in
> - User/group management in general becomes largely a command-line
> operation (such as mapping groups so they can be used in HBAC and sudo rules)
While this is a nice-to-have, it isn't a deal breaker.
I have another question. Can additional authentication requirements (such as
2FA) be imposed on users from a trust via IPA?
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project