FreeIPA

From sshcWiki
Revision as of 18:17, 20 April 2014 by Cswingler (talk | contribs) (Words about FreeIPA before I forget (typed from my iPhone))
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Limitations/Missing Features

Lack of a UI for user x.509 PKI

Despite the fact that FreeIPA includes a CA - and does natively handle certificates for hosts, it unfortunately doesn't handle it for users, natively.

This is kind of a pain, seeing that solutions like OpenVPN depend on x.509 PKI for authentication.

This feature is road mapped for FreeIPA, but doesn't appear to currently exist.

As a workaround, it should be possible to talk to Dogtag directly, generate a cert, and store it in the proper attribute within 389-DS. Hopefully, the FreeIPA team does what seems obvious, and this will work after they finally implement it. :-)

Retrieved from "https://wiki.sshchicago.org/index.php?title=FreeIPA&oldid=551"