
Re: [Freeipa-users] Use of FreeIPA or FreeIPA LDAP server to hold private keys



On 08/02/2011 02:15 PM, Ian Stokes-Rees wrote:
Is there some mechanism to store private keys (e.g. ssh, pgp, gpg, X.509) in FreeIPA, tied to a user account, so only the user (via kerb token or with password prompt) can fetch the token?

If FreeIPA doesn't make this possible, can anyone suggest a good mechanism to have, effectively, a user keystore that would sync passwords with FreeIPA nicely? I am thinking, in particular, of the scenario where users forget their password -- we'd strongly prefer to just reset it for them (24 hours, one login) in a way that didn't mean also re-issuing all passphrase-secured identity tokens.


Not now, however:
https://fedorahosted.org/freeipa/ticket/754
https://fedorahosted.org/freeipa/ticket/237
https://fedorahosted.org/freeipa/ticket/521

There are also some thoughts and ideas about IPA as a secure vault for other credentials in other systems which are not logged as a ticket.


Would you mind sharing with us your ideas about how this functionality actually should work?
Use cases, examples and design ideas are very welcome.



Thanks,

Ian


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.




