On Sat, 09 Aug 2014, Erinn Looney-Triggs wrote:
It would seem to be prudent to set the minssf setting for 389 to 56,
however I am wondering why this isn't done by default, and if there is
any reason why I shouldn't do it?
Anonymous connection to
On Mon, Aug 11, 2014 at 05:18:03PM +0300, Alexander Bokovoy wrote:
On Sat, 09 Aug 2014, Erinn Looney-Triggs wrote:
It would seem to be prudent to set the minssf setting for 389 to 56,
however I am wondering why this isn't done by default, and
On 08/10/2014 01:58 PM, James James wrote:
Hello,
Is there a way to patch my ipa .3.0.0 with this patch:
https://www.mail-archive.com/freeipa-devel@redhat.com/msg20528.html ?
The DateTime data type will be very useful !
Regards
It would be quite difficult, if not only because of the
On 08/11/2014 04:24 PM, Jakub Hrozek wrote:
On Mon, Aug 11, 2014 at 05:18:03PM +0300, Alexander Bokovoy wrote:
On Sat, 09 Aug 2014, Erinn Looney-Triggs wrote:
It would seem to be prudent to set the minssf setting for 389 to 56,
however I am
Ok, I am trying to figure out how to use native OTP capabilities in
FreeIPA4 to authenticate users but I am not finding enough docs on how to
USE OTP.
Specifically I would like to force OTP authentication on specific servers
while allowing password auth in other cases. As I understand
I’m trying to get a client to respect an NFS4 ACL for a directory. I’ve got
users in FreeIPA that match a subset of users in AD. The NFS server is a
FreeBSD box that I’ve got config’ed to use FreeIPA as an LDAP service in
nsswitch for providing uids. I use setfacl there with just the uid. The
On Mon, 11 Aug 2014, Michael Lasevich wrote:
Ok, I am trying to figure out how to use native OTP capabilities in
FreeIPA4 to authenticate users but I am not finding enough docs on how to
USE OTP.
Specifically I would like to force OTP authentication on specific servers
while allowing password
On Mon, 11 Aug 2014, Daniel Shown wrote:
I’m trying to get a client to respect an NFS4 ACL for a directory. I’ve got
users in FreeIPA that match a subset of users in AD. The NFS server is a
FreeBSD box that I’ve got config’ed to use FreeIPA as an LDAP service in
nsswitch for providing uids. I
grumble grumble.
Do you know a bug ID or something similar I can search on? FWIW, FreeIPA
server is CentOS 6.5, but the client is Ubuntu 14. Hopefully that makes a
fix easier. :/
d:s
===
*Daniel Shown,*
Linux Systems Administrator
Advanced Technology Group
On Mon, 11 Aug 2014, Daniel Shown wrote:
grumble grumble.
Do you know a bug ID or something similar I can search on? FWIW, FreeIPA
server is CentOS 6.5, but the client is Ubuntu 14. Hopefully that makes a
fix easier. :/
Here is the thread upstream, including the patch:
Thanks for quick response, further questions inline.
On Mon, Aug 11, 2014 at 11:49 AM, Alexander Bokovoy aboko...@redhat.com
wrote:
On Mon, 11 Aug 2014, Michael Lasevich wrote:
Ok, I am trying to figure out how to use native OTP capabilities in
FreeIPA4 to authenticate users but I am not
Hi,
On Sun, 10 Aug 2014, Dmitri Pal wrote:
On 07/21/2014 10:15 AM, dbisc...@hrz.uni-kassel.de wrote:
On Wed, 16 Jul 2014, Dmitri Pal wrote:
On 07/16/2014 07:16 AM, dbisc...@hrz.uni-kassel.de wrote:
I have IPA running on a CentOS 6 server. This server also acts as
NFS- and Samba server. My
On Mon, 11 Aug 2014, Michael Lasevich wrote:
So, it is NOT intended to use for border-style 2FA authentication (i.e.
VPN) - which seems may be a common use case for 2FA?
You can always supplement authentication check with some host-specific
information at the VPN concentrator. We don't have
Hmm... yeah, I've mucked with idmap.conf and still no happiness.
d:s
===
*Daniel Shown,*
Linux Systems Administrator
Advanced Technology Group
Information Technology Services http://www.slu.edu/its
at Saint Louis University http://www.slu.edu/.
314-977-2583
On Mon, Aug 11, 2014 at 10:04:37PM +0300, Alexander Bokovoy wrote:
On Mon, 11 Aug 2014, Daniel Shown wrote:
grumble grumble.
Do you know a bug ID or something similar I can search on? FWIW, FreeIPA
server is CentOS 6.5, but the client is Ubuntu 14. Hopefully that makes a
fix easier. :/
I'm fairly new to FreeIPA, so can someone give me a sanity check? Should I
be able to map AD users in an AD trust to corresponding FreeIPA users?
i.e. Users can auth with their AD credentials and get a FreeIPA uidnumber,
gidnumber, home, etc.?
Also, if that's not possible, has anyone tried
On Mon, Aug 11, 2014 at 12:30 PM, Alexander Bokovoy aboko...@redhat.com
wrote:
On Mon, 11 Aug 2014, Michael Lasevich wrote:
So, it is NOT intended to use for border-style 2FA authentication (i.e.
VPN) - which seems may be a common use case for 2FA?
You can always supplement authentication
Thanks a lot for your answer. I will switch to RHEL 7 to use 3.3 ..
Best regards.
James
2014-08-11 17:05 GMT+02:00 Martin Kosek mko...@redhat.com:
On 08/10/2014 01:58 PM, James James wrote:
Hello,
Is there a way to patch my ipa .3.0.0 with this patch:
On Mon, 11 Aug 2014, Michael Lasevich wrote:
On Mon, Aug 11, 2014 at 12:30 PM, Alexander Bokovoy aboko...@redhat.com
wrote:
On Mon, 11 Aug 2014, Michael Lasevich wrote:
So, it is NOT intended to use for border-style 2FA authentication (i.e.
VPN) - which seems may be a common use case for
On Mon, 11 Aug 2014, Daniel Shown wrote:
I'm fairly new to FreeIPA, so can someone give me a sanity check? Should I
be able to map AD users in an AD trust to corresponding FreeIPA users?
i.e. Users can auth with their AD credentials and get a FreeIPA uidnumber,
gidnumber, home, etc.?
Users
On 08/11/2014 08:49 PM, Alexander Bokovoy wrote:
On Mon, 11 Aug 2014, Michael Lasevich wrote:
Ok, I am trying to figure out how to use native OTP capabilities in
FreeIPA4 to authenticate users but I am not finding enough docs on
how to
USE OTP.
Specifically I would like to force OTP
On 08/11/2014 10:04 PM, Alexander Bokovoy wrote:
On Mon, 11 Aug 2014, Michael Lasevich wrote:
On Mon, Aug 11, 2014 at 12:30 PM, Alexander Bokovoy
aboko...@redhat.com
wrote:
On Mon, 11 Aug 2014, Michael Lasevich wrote:
So, it is NOT intended to use for border-style 2FA authentication
(i.e.
My thought is that while 2 and 3 are same from IPA point of view, since I
am guaranteed to be sending a different credentials in those cases I am
guaranteed to be checking both password and otp. Prevents a case where
user's password ends in a string of digits similar to OTP.
I will look into
Right, that's what I've got at this point. I just wanted to make sure I
wasn't missing something. Unfortunately, that architecture won't work for
me (mostly for political reasons instead of technical ones). I guess I'll
be digging into pass through auth to see if I can get that working.
thx.
I’ve got a prototype setup for cross-realm operations. I don’t know if that’s
useful for you or not. I don’t have control over “my” AD, and I’m managing this
during our CIO’s migration from one AD realm to another (so duplicate users
having distinct DNs and Kerberos principals are the norm,
Hi,
I am trying to allow a radius service account the ability to read
ipaNTHash. I carried out the following steps:
ipa permission-add 'ipaNTHash service read' --attrs=ipaNTHash
--type=user --permissions=read
-
Added permission ipaNTHash service read
26 matches