Difference between revisions of "FreeIPA"
(Words about FreeIPA before I forget (typed from my iPhone)) |
(One intermediate revision by one other user not shown) | |||
Line 1: | Line 1: | ||
+ | {{UpdateNeeded}} | ||
+ | |||
== Limitations/Missing Features == | == Limitations/Missing Features == | ||
=== Lack of a UI for user x.509 PKI === | === Lack of a UI for user x.509 PKI === | ||
− | Despite the fact that FreeIPA includes a CA - and does natively handle certificates for ''hosts,'' it unfortunately doesn't handle it for users, natively. | + | Despite the fact that FreeIPA includes a CA - and does natively handle certificates for ''hosts,'' it unfortunately doesn't handle it for users, natively. |
− | This is kind of a pain, seeing that solutions like OpenVPN depend on x.509 PKI for authentication. | + | This is kind of a pain, seeing that solutions like OpenVPN depend on x.509 PKI for authentication. |
− | This feature is road mapped for FreeIPA, but doesn't appear to currently exist. | + | This feature is road mapped for FreeIPA, but doesn't appear to currently exist. |
As a workaround, it should be possible to talk to Dogtag directly, generate a cert, and store it in the proper attribute within 389-DS. Hopefully, the FreeIPA team does what seems obvious, and this will work after they finally implement it. :-) | As a workaround, it should be possible to talk to Dogtag directly, generate a cert, and store it in the proper attribute within 389-DS. Hopefully, the FreeIPA team does what seems obvious, and this will work after they finally implement it. :-) |
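Review bot: The {{UpdateNeeded}} banner added at the top of this hunk does not say which statement is out of date, and the three paragraphs under "Lack of a UI for user x.509 PKI" carry the same wording on both sides, so a reader cannot tell whether the stale claim is the missing user certificate handling, the roadmap status, or the Dogtag/389-DS workaround. Suggest naming the outdated statement next to the banner, or correcting it in the same edit so the banner can be dropped.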
Latest revision as of 00:38, 27 January 2022
This article is out of date. Please update this article and remove this template!
Limitations/Missing Features
Lack of a UI for user x.509 PKI
Although FreeIPA includes a CA and natively handles certificates for hosts, it unfortunately doesn't natively handle them for users.
This is kind of a pain, seeing that solutions like OpenVPN depend on x.509 PKI for authentication.
This feature is on the FreeIPA roadmap, but doesn't appear to exist yet.
As a workaround, it should be possible to talk to Dogtag directly, generate a cert, and store it in the proper attribute within 389-DS. Hopefully, the FreeIPA team does what seems obvious, and this will work after they finally implement it. :-)