Re: [Freeipa-users] label for public keys
Wow, that's actually pretty obvious. That works, thanks! On 4 August 2016 at 17:10, Jan Pazdziora wrote: > On Thu, Aug 04, 2016 at 05:01:00PM +0200, Tiemen Ruiten wrote: > > > > Currently it is possible to add multiple SSH-keys for a single user in > > FreeIPA. We are using this capability to grant access to multiple > > contractors under a single user (so user company1, with keys A, B, C to > > give access to three persons at company1). > > > > Unfortunately it's not possible to label these keys, so to ensure that we > > can revoke access for eg. person B later on, we have to administrate this > > separately. Would it be possible to add this as a feature? Or if it > already > > exists, could someone explain to me how to do it? > > By label, do you mean an admin-friendly string for the key to make > sure you remove the correct key? > > For ssh-rsa keys, after the second space there is a place for comments > and FreeIPA's WebUI will show it when listing the keys. Would that > work for you or do you need something else? > > -- > Jan Pazdziora > Senior Principal Software Engineer, Identity Management Engineering, Red > Hat > -- Tiemen Ruiten Systems Engineer R&D Media -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] label for public keys
On Thu, Aug 04, 2016 at 05:01:00PM +0200, Tiemen Ruiten wrote: > > Currently it is possible to add multiple SSH-keys for a single user in > FreeIPA. We are using this capability to grant access to multiple > contractors under a single user (so user company1, with keys A, B, C to > give access to three persons at company1). > > Unfortunately it's not possible to label these keys, so to ensure that we > can revoke access for eg. person B later on, we have to administrate this > separately. Would it be possible to add this as a feature? Or if it already > exists, could someone explain to me how to do it? By label, do you mean an admin-friendly string for the key to make sure you remove the correct key? For ssh-rsa keys, after the second space there is a place for comments and FreeIPA's WebUI will show it when listing the keys. Would that work for you or do you need something else? -- Jan Pazdziora Senior Principal Software Engineer, Identity Management Engineering, Red Hat -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
[Freeipa-users] label for public keys
Hello, Currently it is possible to add multiple SSH-keys for a single user in FreeIPA. We are using this capability to grant access to multiple contractors under a single user (so user company1, with keys A, B, C to give access to three persons at company1). Unfortunately it's not possible to label these keys, so to ensure that we can revoke access for eg. person B later on, we have to administrate this separately. Would it be possible to add this as a feature? Or if it already exists, could someone explain to me how to do it? -- Tiemen Ruiten Systems Engineer R&D Media -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project