Re: [Freeipa-users] Actions for a stolen/compromised IPA Client

2016-11-16 Thread Nordgren, Bryce L -FS
Babinsky <mbabi...@redhat.com>; freeipa-users@redhat.com Subject: Re: [Freeipa-users] Actions for a stolen/compromised IPA Client Indeed the kinit keeps working correctly. If you give a good password it retrieves the tokens correctly. Thus it's not only DOS, but also an potentional brutal pa

Re: [Freeipa-users] Actions for a stolen/compromised IPA Client

2016-11-16 Thread Paessens, Daniel
. Daniel -Original Message- From: Martin Babinsky [mailto:mbabi...@redhat.com] Sent: Wednesday, November 16, 2016 10:30 AM To: Paessens, Daniel <daniel.paess...@hpe.com>; freeipa-users@redhat.com Subject: Re: [Freeipa-users] Actions for a stolen/compromised IPA Client On 11/16/2016

Re: [Freeipa-users] Actions for a stolen/compromised IPA Client

2016-11-16 Thread Martin Babinsky
On 11/16/2016 10:04 AM, Paessens, Daniel wrote: Currently am I looking for a workable solution for the following situation: Let's say that an ipa client has been stolen (or compromised). What can we do to block all access from it, towards IPA (and rest) For example if we use the command