[Freeipa-users] Re: Support for Azure AD authentication with on-prem AD forest-trust identities

2024-03-15 Thread Alexander Bokovoy via FreeIPA-users
On Fri, 15 Mar 2024, Jonathan Calmels via FreeIPA-users wrote: So, I got to play around with this and implemented the "workaround" we discussed. I ended up using ksu with sshd ForceCommand to make it more seamless for users. Here are some of the issues I faced though: 1. IdP requires FAST and

[Freeipa-users] Re: Support for Azure AD authentication with on-prem AD forest-trust identities

2024-03-15 Thread Jonathan Calmels via FreeIPA-users
So, I got to play around with this and implemented the "workaround" we discussed. I ended up using ksu with sshd ForceCommand to make it more seamless for users. Here are some of the issues I faced though: 1. IdP requires FAST and I'm not sure how I'm supposed to configure that correctly in

[Freeipa-users] Re: Support for Azure AD authentication with on-prem AD forest-trust identities

2024-03-12 Thread Alexander Bokovoy via FreeIPA-users
On Tue, 12 Mar 2024, Jonathan Calmels via FreeIPA-users wrote: Having said that, I'm not even sure if one can request a specific preauth method today in SSSD. And by that I mean as a hint before the actual AS_REQ. IIUC this isn't straightforward to do currently because: - The PAM conversation

[Freeipa-users] Re: Support for Azure AD authentication with on-prem AD forest-trust identities

2024-03-11 Thread Jonathan Calmels via FreeIPA-users
> Having said that, I'm not even sure if one can request a specific preauth > method today > in SSSD. And by that I mean as a hint before the actual AS_REQ. IIUC this isn't straightforward to do currently because: - The PAM conversation happens after the AS_REP and depends on the supported

[Freeipa-users] Re: Support for Azure AD authentication with on-prem AD forest-trust identities

2024-03-11 Thread Jonathan Calmels via FreeIPA-users
> On Sat, 09 Mar 2024, Jonathan Calmels via FreeIPA-users wrote: > > If you are using RHEL subscription, it might make sense to open a > customer case and provide more details there, along with a request for > enhancement and point to this thread so that we can connect the dots and > get this

[Freeipa-users] Re: Support for Azure AD authentication with on-prem AD forest-trust identities

2024-03-11 Thread Sumit Bose via FreeIPA-users
On Sun, Mar 10, 2024 at 04:46:45PM +0200, Alexander Bokovoy via FreeIPA-users wrote: > On Sat, 09 Mar 2024, Jonathan Calmels via FreeIPA-users wrote: > > Thanks for the detailed answer, glad we didn't miss anything obvious. > > I just want to add a bit more clarification on what we were

[Freeipa-users] Re: Support for Azure AD authentication with on-prem AD forest-trust identities

2024-03-10 Thread Alexander Bokovoy via FreeIPA-users
On Sat, 09 Mar 2024, Jonathan Calmels via FreeIPA-users wrote: Thanks for the detailed answer, glad we didn't miss anything obvious. I just want to add a bit more clarification on what we were proposing IPA only responsible for its own users. If authentication relies on an external identity

[Freeipa-users] Re: Support for Azure AD authentication with on-prem AD forest-trust identities

2024-03-09 Thread Jonathan Calmels via FreeIPA-users
Thanks for the detailed answer, glad we didn't miss anything obvious. I just want to add a bit more clarification on what we were proposing > IPA only responsible for its own users. If authentication relies on an > external identity (e.g. AD user), then authority holding information > about that

[Freeipa-users] Re: Support for Azure AD authentication with on-prem AD forest-trust identities

2024-03-09 Thread Alexander Bokovoy via FreeIPA-users
Hi, On Sat, 09 Mar 2024, Jonathan Calmels via FreeIPA-users wrote: We have several deployments of RHEL IdM consisting of a cross-forest trust with on-prem MS Active Directory. Users are able to login to the IdM resources with their Corporate AD credentials (i.e. password or existing AD