[Freeipa-users] Some interrogations about the freeipa deployment
Dale Macartney
dale at themacartneyclan.com
Tue Jan 22 22:13:45 UTC 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 01/22/2013 09:51 PM, Steven Jones wrote:
> Hi,
>
> I have all done this, so from what you write I think IPA would be a
good fit for what you want, except that is the single sign on bit I have
not looked to see if that can be done. For http restart you control that
via sudo in IPA so its centrally managed, I have this working for one
such server though I use the reload option instead.
to enable SSO with SSH from a ipa workstation, just edit
/etc/ssh/sshd_config and make sure the line below is set to yes
"GSSAPIAuthentication yes"
If you've just made the change, it won't take effect until SSH is
restarted. So do the usual service sshd restart.
>
> I would also not run one instance of IPA myself but with such a small
site that's your call.
>
> regards
>
> Steven Jones
>
> Technical Specialist - Linux RHCE
>
> Victoria University, Wellington, NZ
>
> 0064 4 463 6272
>
> -------------------------
> *From:* freeipa-users-bounces at redhat.com
[freeipa-users-bounces at redhat.com] on behalf of Bob Sauvage
[Bob.sauvage at gmx.fr]
> *Sent:* Wednesday, 23 January 2013 9:51 a.m.
> *To:* freeipa-users at redhat.com
> *Subject:* [Freeipa-users] Some interrogations about the freeipa
deployment
>
> Hi *,
>
> I plan to review the network architecture of my office. 10
Windows/Linux desktops and 2 Linux servers will be deployed on the network.
>
> I want to install freeipa on the first server to act like an AD DS. I
want to authenticate users on the server and controlling what can be
done or not by them on the network. 10 other linux web servers should be
accessible (console) by specific users and without the need to
authenticating again (single sign on). On these web servers, users can
issue specific commands like "/etc/init.d/httpd restart".
>
> Is it possible to achive this with freeipa ? Do you have some articles ?
>
> Thanks in advance,
>
> Bob !
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBAgAGBQJQ/w8VAAoJEAJsWS61tB+q2+8P/0voaYOSa/ZnwiQmvrqLsaPE
oYm4j/m88STSXvDdhDsgNQJZJFY9XDv7y3njnuSWElqHD0yGBEbJvc+pmoi8uZf0
8EORIarUQhCf6awI4RIHxg6+nOOwVkllx/FDVSJldGnKlv3OSvOrln+tTK9gITkg
ZzsMvtFTYIjrF4nMSEtTCGfFi7lnmCrvXhXijKSCRjUfZI51t78SamI5ldKzV6Zy
RE4ofJQexUpWhCXnDyWg5I/fDY6EQc9UAjeiVjmC462Sp32Rso5bQBYUwrQtD8uG
d1b1sfOW3v+oExmnOfSeGwzssl8SzYk1jr9kak9JU1DctPIgp5aCjpKYtRTnh5GB
44bNMXATFHRWVU21QlaTYwmQue12cb1BaehMUjZfvHTvNcK171RF9DfAhxS+U1Z4
ZCyv8mUGDB28xWKx0fH5639CGjPYCZxltOOF/053W7ZyrrRN38O2AD7LUkYdH3kb
ci04L/tB8znXcP6OQaTeDzJHY12bkspJz+tBNvM/KeFhJQxw/FQqtFi55KrhlKMN
XCsHdj3fqEzV/h6+3wu0Na7Y4hDt5mf0i3i1UTO9nj941QIr2BYKrQLzKSKLu/Md
Z+E04ZgiQWgzb+Yw4bFv6I8g4y6nrUFVvDxt970bqgbk9cbfAGLEMjd6xRm6QDgq
CJUkZcaWqi3SYPeGHx0x
=fTHE
-----END PGP SIGNATURE-----
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20130122/cc2f2372/attachment.htm>
More information about the Freeipa-users
mailing list