Re: [Freeipa-users] Understanding role of the certificate in client - server communication.

Thank you for the answer. Sory if i lack the knowledge, but why SSL is needed when using kerberos? Kerberos is based on 3th party that is trusted, why there is a need for public key encryption? On Mar 19, 2014 12:24 AM, Rob Crittenden rcrit...@redhat.com wrote: Genadi Postrilko wrote: Hello

Re: [Freeipa-users] Understanding role of the certificate in client - server communication.

On Wed, 19 Mar 2014, Genadi Postrilko wrote: Thank you for the answer. Sory if i lack the knowledge, but why SSL is needed when using kerberos? Kerberos is based on 3th party that is trusted, why there is a need for public key encryption? Using Kerberos only, without asking for integrity and

[Freeipa-users] passwordless login into IPA clients possible from non IPA client?

Hi, Subject says it all actually. I have a laptop with Fedora20. I work as a contractor on different assignments. Some of them have an IPA domain set up. Their RHEL6 servers are all IPA clients. I would like to ssh into these servers passwordless using ssh-agent and such. Is this possible? If so,

Re: [Freeipa-users] passwordless login into IPA clients possible from non IPA client?

Hi Fred, You can add your public keys to the users profile via the GUI of CLI. Take contents of the .ssh/id_rsa.pub from your Fedora20 Laptop and insert it in the GUI. User - ACCOUNT SETTINGS - SSH public keys - add http://docs.fedoraproject.org/en-US/Fedora/17/html/FreeIPA_Guide/user-keys.html

Re: [Freeipa-users] Understanding role of the certificate in client - server communication.

On Wed, 2014-03-19 at 10:56 +0200, Alexander Bokovoy wrote: On Wed, 19 Mar 2014, Genadi Postrilko wrote: Thank you for the answer. Sory if i lack the knowledge, but why SSL is needed when using kerberos? Kerberos is based on 3th party that is trusted, why there is a need for public key

Re: [Freeipa-users] IPA DNS response issue

On 18.3.2014 15:26, David wrote: Hi all - We have an installation of FreeIPA (through CentOS 6.5) that's exhibiting some odd behavior with respect to serving DNS. Periodically (interval at random) named running on a replica will stop serving requests from the LDAP server but continue to

Re: [Freeipa-users] IPA DNS response issue

On Wed, Mar 19, 2014 at 01:57:24PM +0100, Petr Spacek wrote: On 18.3.2014 15:26, David wrote: We have an installation of FreeIPA (through CentOS 6.5) that's exhibiting some odd behavior with respect to serving DNS. Periodically (interval at random) named running on a replica will stop serving

Re: [Freeipa-users] passwordless login into IPA clients possible from non IPA client?

Andrew's suggestion works fine, but you can also set up a simple krb5.conf on the source hosts and then issue a kinit. It doesn't have to be a full IPA client for that to work. You can also do this from a Windows box by using the MIT Kerberos for Windows package: