FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Red Hat Linux

 
 
LinkBack Thread Tools
 
Old 12-15-2008, 10:50 PM
David Miller
 
Default RedHat IPA questions.

I'm in the process of evaluating RH IPA server and have run into two
problems. Before I begin here is the setup. One vanilla RHEL 5.2
server install with IPA channel. One vanilla RHEL 5.2 desktop install
with workstation channel. Eventually I would like to have a couple of
Linux clusters and a few stand alone general compute nodes use an IPA
server for enforcing password policy and authenticating users that
will only be using SSH.


1. After getting my evaluation key entered into RHN I successfully
subscribed my RHEL5 server with the IPA sub channel and got the IPA
server up and running. However, I could not find a sub channel to
subscribe to for the IPA client for my RHEL 5 desktop with
workstation. I wound up installing the RPM's from the IPA server
installation ISO through yum. What is the channel used to grab the IPA
client packages? The desktop version of RHEL cannot subscribe to the
IPA channel.


2. When I create a user account I cannot log into the RHEL workstation
using SSH. I must log the new account in at the console first. At the
console I'm prompted to change the password for the new account right
away. After changing the password I can login using SSH. I like the
one time password but is there a way to make it work over SSH without
tying the machine they are SSHing from to the IPA server's kerberos?
Even though the SSH works after the initial console login what will
happen when the password is due for changing? I have people SSHing in
using all sorts of SSH clients on various operating systems. Getting
all of them to work with kerberos just for SSH is unrealistic.


David.


--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 12-17-2008, 04:30 PM
"Naju ...."
 
Default RedHat IPA questions.

On Tue, Dec 16, 2008 at 5:20 AM, David Miller <millerdc@fusion.gat.com>wrote:

>
> I'm in the process of evaluating RH IPA server and have run into two
> problems. Before I begin here is the setup. One vanilla RHEL 5.2 server
> install with IPA channel. One vanilla RHEL 5.2 desktop install with
> workstation channel. Eventually I would like to have a couple of Linux
> clusters and a few stand alone general compute nodes use an IPA server for
> enforcing password policy and authenticating users that will only be using
> SSH.
>
> 1. After getting my evaluation key entered into RHN I successfully
> subscribed my RHEL5 server with the IPA sub channel and got the IPA server
> up and running. However, I could not find a sub channel to subscribe to for
> the IPA client for my RHEL 5 desktop with workstation. I wound up installing
> the RPM's from the IPA server installation ISO through yum. What is the
> channel used to grab the IPA client packages? The desktop version of RHEL
> cannot subscribe to the IPA channel.
>
> 2. When I create a user account I cannot log into the RHEL workstation
> using SSH. I must log the new account in at the console first. At the
> console I'm prompted to change the password for the new account right away.
> After changing the password I can login using SSH. I like the one time
> password but is there a way to make it work over SSH without tying the
> machine they are SSHing from to the IPA server's kerberos? Even though the
> SSH works after the initial console login what will happen when the password
> is due for changing? I have people SSHing in using all sorts of SSH clients
> on various operating systems. Getting all of them to work with kerberos just
> for SSH is unrealistic.


Try setting "ChallengeResponseAuthentication" to yes in the
/etc/ssh/sshd_config file.


>
> David.
>
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>



--
Cheers
Najmuddin
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 

Thread Tools




All times are GMT. The time now is 12:48 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org