Dear barrykfl,
one of the issues that will emerge - users updating (changing)
passwords (if you want them to use ipa ui)
regards,
--- Ernedin ZAJKO
ezajko(a)root.ba
340282366920938463463374607431768211456
On Thu, May 31, 2018 at 9:06 AM <barrykfl(a)gmail.com> wrote:
>
> Yes I read the point knew they are difference ..But if most users 90% no need access
httsps://myserver.com/ipa/UI and just use ldap authorization ...so I don't need ask
user migration or change password ? our users 90% use 3rd party open source and LDAP Auth.
??? actual what example of Kerberos auth affecting user in such situation? users don't
self edit UI info even password they ask administartor to reset for them.
>
> Point 6 in document:
> It is possible to use LDAP authentication in Identity Management instead of Kerberos
authentication, which means that Kerberos hashes are not required for users. However, this
limits the capabilities of Identity Management and is not recommended.
>
> 2018-05-31 14:26 GMT+08:00 Ernedin Zajko <ezajko(a)root.ba>:
>>
>> Dear barrykfl,
>>
>> you may find nicely documented procedure at [1]:
>>
>> cheers,
>> --- Ernedin ZAJKO
>> ezajko(a)root.ba
>>
>> [1]
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/...
>>
>>
>>
>>
340282366920938463463374607431768211456
>> On Thu, May 31, 2018 at 6:47 AM Ernedin Zajko <ezajko(a)root.ba>
wrote:
>> >
>> > Hi there,
>> >
>> > UI uses Kerberos...
>> >
>> > Regards,
>> >
>> > ---
>> >
>> > EZajko
>> > @root.ba
>> >
>> > On Thu, May 31, 2018, 05:48 barrykfl--- via FreeIPA-users
<freeipa-users(a)lists.fedorahosted.org> wrote:
>> >>
>> >> Hi all:
>> >>
>> >> After I migrated to new Servers .using migrateds command..I used
server.com:389 connect and embedded in
>> >> 3 rd opensource.
>> >>
>> >> I found user can login successfully ...but
>> >>
>> >> the
http://server.com/ipa/ui cannot ...
>> >>
>> >> user have to use
http://server.com/ipa/migration then can success login
the UI.
>> >>
>> >> So what are the difference is these password migration ? actually at 3
rd part opensource user use ldap password login successfully but the UI fail..
>> >>
>> >>
>> >> _______________________________________________
>> >> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
>> >> To unsubscribe send an email to
freeipa-users-leave(a)lists.fedorahosted.org
>> >> Fedora Code of Conduct:
https://getfedora.org/code-of-conduct.html
>> >> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
>> >> List Archives:
https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorah...
>
>