It depends upon what you want to do. If you want a user to authenticate for all purposes using some external service, you can do that, as long as the external service supports radius. You may have to et up a radius server and configure it to use the external authentication. You can have more than one external service. You add the various radius services to ipa. At that point you can set specific users to use the specific service. I’ve used this to authenticate against our University’s certain LDAP, though we don’t intend to use this in production.
Kerberos considers this a one-time password, so it only works for clients that support one-time passwords. sssd and kinit do, but not all software does. You also can’t generate a keytab for a user with a one-time password (though we have another approach to authenticate cron jobs and services for such users). Here’s how I set that up: https://github.com/clhedrick/kerberos/wiki/Using-Rutgers-passwords-(also,-radius-as-front-end-for-IPA) > On May 16, 2018, at 4:23 PM, Andrew Meyer via FreeIPA-users > <freeipa-users@lists.fedorahosted.org> wrote: > > My company is wanting to use FreeIPA for everything. However we also utilize > other external services that have their own auth system but can support > oauth, or gsuite/facebook etc etc. Is this possible w/ FreeIPA? > > Also, > Searching through google I found this - Ipsilon > <https://ipsilon-project.org/>. Would you recommend I use that? > > > Ipsilon > By Ipsilon Project > Ipsilon identity provider project homepage > <https://ipsilon-project.org/> > > > Thank you! > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/ZLCEZTVCVKUKIULZW3J275YSSREVE7M2/
