Brian Topping wrote:

Hi, I was just looking at http://www.freeipa.org/page/User_certificate_use_cases
and was trying to do some self-service to see when it might get scheduled.
Unless I am mistaken, it doesn't even seem to exist in the backlog. Is that
intentional?

The reason I started to look at this again is I have been getting persistent
password cracking attacks against public endpoints such as IMAP and SMTP.
Client certificates would be an ideal solution and would work with mobile
devices as well. I know many are using host certificates for this kind of
thing, but it seems like there would be leakage if a user account were disabled
and the respective hosts were not.

Most of the developers here use OS X, although maybe that needs to be
revisited. I opened issue 21908279 on https://bugreport.apple.com to see if we
could get any traction on making
http://linsec.ca/Using_FreeIPA_for_User_Authentication easier, but
bugreport.apple.com is a black hole and not much escapes.

Anyway, I thought these use cases might be interesting to others and it seems
client certs are a great way to solve the problem. Would love to hear how
others have solved these issues!

Cheers, Brian

It is in FreeIPA 4.2:
https://www.redhat.com/archives/freeipa-interest/2015-July/msg00002.html

rob
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project