Re: [Freeipa-users] Client Certificates not in backlog
Oh wow, thanks guys! Will watch for it to show up in the CentOS repos!

best, Brian

> On Jul 20, 2015, at 16:44, Rob Crittenden wrote:
>
> Brian Topping wrote:
>> Hi I was just looking at
>> http://www.freeipa.org/page/User_certificate_use_cases and was trying to do
>> some self-service to see when it might get scheduled. Unless I am mistaken,
>> it doesn't even seem to exist in the backlog. Is that intentional?
>>
>> The reason I started to look at this again is I have been getting persistent
>> password cracking attacks against public endpoints such as IMAP and SMTP.
>> Client certificates would be an ideal solution and would work with mobile
>> devices as well. I know many are using host certificates for this kind of
>> thing, but it seems like there would be leakage if a user account were
>> disabled and the respective hosts were not.
>>
>> Most of the developers here use OS X, although maybe that needs to be
>> revisited. I opened issue 21908279 on https://bugreport.apple.com to see if
>> we could get any traction on making
>> http://linsec.ca/Using_FreeIPA_for_User_Authentication easier, but
>> bugreport.apple.com is a black hole and not much escapes.
>>
>> Anyway, I thought these use cases might be interesting to others and it
>> seems client certs are a great way to solve the problem. Would love to hear
>> how others have solved these issues!
>>
>> Cheers, Brian
>
> It is in FreeIPA 4.2:
> https://www.redhat.com/archives/freeipa-interest/2015-July/msg2.html
>
> rob

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] Client Certificates not in backlog
Brian Topping wrote:
> Hi I was just looking at
> http://www.freeipa.org/page/User_certificate_use_cases and was trying to do
> some self-service to see when it might get scheduled. Unless I am mistaken,
> it doesn't even seem to exist in the backlog. Is that intentional?
>
> The reason I started to look at this again is I have been getting persistent
> password cracking attacks against public endpoints such as IMAP and SMTP.
> Client certificates would be an ideal solution and would work with mobile
> devices as well. I know many are using host certificates for this kind of
> thing, but it seems like there would be leakage if a user account were
> disabled and the respective hosts were not.
>
> Most of the developers here use OS X, although maybe that needs to be
> revisited. I opened issue 21908279 on https://bugreport.apple.com to see if
> we could get any traction on making
> http://linsec.ca/Using_FreeIPA_for_User_Authentication easier, but
> bugreport.apple.com is a black hole and not much escapes.
>
> Anyway, I thought these use cases might be interesting to others and it
> seems client certs are a great way to solve the problem. Would love to hear
> how others have solved these issues!
>
> Cheers, Brian

It is in FreeIPA 4.2:
https://www.redhat.com/archives/freeipa-interest/2015-July/msg2.html

rob

[Freeipa-users] Client Certificates not in backlog
Hi I was just looking at
http://www.freeipa.org/page/User_certificate_use_cases and was trying to do
some self-service to see when it might get scheduled. Unless I am mistaken,
it doesn't even seem to exist in the backlog. Is that intentional?

The reason I started to look at this again is I have been getting persistent
password cracking attacks against public endpoints such as IMAP and SMTP.
Client certificates would be an ideal solution and would work with mobile
devices as well. I know many are using host certificates for this kind of
thing, but it seems like there would be leakage if a user account were
disabled and the respective hosts were not.

Most of the developers here use OS X, although maybe that needs to be
revisited. I opened issue 21908279 on https://bugreport.apple.com to see if
we could get any traction on making
http://linsec.ca/Using_FreeIPA_for_User_Authentication easier, but
bugreport.apple.com is a black hole and not much escapes.

Anyway, I thought these use cases might be interesting to others and it
seems client certs are a great way to solve the problem. Would love to hear
how others have solved these issues!

Cheers, Brian