Unfortunately, policy and regulation often lag behind current theory by
several decades. For what it's worth, I'd second being able to set more
complicated policies as a useful feature.
On Oct 12, 2016 6:38 PM, "Simpson Lachlan"
wrote:
> > -Original Message-
> > From: freeipa-users-boun.
Sorry, certified openssl implementation*
On Aug 4, 2016 9:38 AM, "Anon Lister" wrote:
> I'd also like to throw in that the requirements you are facing are likely
> requiring FIPS Certified, not just compliant, as I'm somewhat familiar with
> them. (800-53 or 800
I'd also like to throw in that the requirements you are facing are likely
requiring FIPS Certified, not just compliant, as I'm somewhat familiar with
them. (800-53 or 800-171)
Essentially it will have to fall back on the FIPS compliant openssl
implementation, however I believe there are other cryp
Yep sorry I missed that. You need to put your public keys in IPA.
On Apr 29, 2016 3:32 AM, "Jakub Hrozek" wrote:
On Thu, Apr 28, 2016 at 09:14:48PM -0400, Prasun Gera wrote:
> >
> > Your can still authenticate with SSH keys, but to access any NFS 4
shares
> > they will need a Kerberos ticket, whi
Your can still authenticate with SSH keys, but to access any NFS 4 shares
they will need a Kerberos ticket, which can be obtained via a 'kinit' after
logging in. I forget what the default timeout is but they do expire, and at
that point access to those shares (by a user or process acting as that
us
Well... I suppose that's problem #2. Problem #1 would be implementing the
bidirectional authentication in the first place. :p
On Mar 10, 2016 11:22 AM, "Petr Spacek" wrote:
> On 10.3.2016 17:20, Anon Lister wrote:
> > I would like an alert when my IPA servers
I would like an alert when my IPA servers successfully establish a
bidirectional trust with mutual authentication with our AD server
Actually I could even skip the alert ;)
On Mar 9, 2016 11:27 AM, "Petr Spacek" wrote:
> Dear users,
>
> FreeIPA team is thinking about adding notification syste
So I had the same problem. For me it ended up being that some attribute was
not created correctly in 389 using the instructions in the guide. I don't
remember what it was off the top of my head. Something about a default user
or group SID I think. Had to turn samba logging up. Eventually it shows t
Hello,
New to list. This is kind of a followup to the post here:
https://www.redhat.com/archives/freeipa-users/2015-January/msg00351.html
We are one of the odder shops that runs almost entirely linux, but the need
to support some windows stuff that requires AD has come up. We have things
setup as