On Tue, Dec 16, 2008 at 5:20 AM, David Miller <millerdc@xxxxxxxxxxxxxx>wrote: > > I'm in the process of evaluating RH IPA server and have run into two > problems. Before I begin here is the setup. One vanilla RHEL 5.2 server > install with IPA channel. One vanilla RHEL 5.2 desktop install with > workstation channel. Eventually I would like to have a couple of Linux > clusters and a few stand alone general compute nodes use an IPA server for > enforcing password policy and authenticating users that will only be using > SSH. > > 1. After getting my evaluation key entered into RHN I successfully > subscribed my RHEL5 server with the IPA sub channel and got the IPA server > up and running. However, I could not find a sub channel to subscribe to for > the IPA client for my RHEL 5 desktop with workstation. I wound up installing > the RPM's from the IPA server installation ISO through yum. What is the > channel used to grab the IPA client packages? The desktop version of RHEL > cannot subscribe to the IPA channel. > > 2. When I create a user account I cannot log into the RHEL workstation > using SSH. I must log the new account in at the console first. At the > console I'm prompted to change the password for the new account right away. > After changing the password I can login using SSH. I like the one time > password but is there a way to make it work over SSH without tying the > machine they are SSHing from to the IPA server's kerberos? Even though the > SSH works after the initial console login what will happen when the password > is due for changing? I have people SSHing in using all sorts of SSH clients > on various operating systems. Getting all of them to work with kerberos just > for SSH is unrealistic. Try setting "ChallengeResponseAuthentication" to yes in the /etc/ssh/sshd_config file. > > David. > > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list > -- Cheers Najmuddin -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
