It depends upon what you want to do. If you want a user to authenticate for all purposes
using some external service, you can do that, as long as the external service supports
radius. You may have to et up a radius server and configure it to use the external
authentication. You can have more than one external service. You add the various radius
services to ipa. At that point you can set specific users to use the specific service.
I’ve used this to authenticate against our University’s certain LDAP, though we don’t
intend to use this in production.
Kerberos considers this a one-time password, so it only works for clients that support
one-time passwords. sssd and kinit do, but not all software does. You also can’t generate
a keytab for a user with a one-time password (though we have another approach to
authenticate cron jobs and services for such users). Here’s how I set that up:
https://github.com/clhedrick/kerberos/wiki/Using-Rutgers-passwords-(also,...
On May 16, 2018, at 4:23 PM, Andrew Meyer via FreeIPA-users
<freeipa-users(a)lists.fedorahosted.org> wrote:
My company is wanting to use FreeIPA for everything. However we also utilize other
external services that have their own auth system but can support oauth, or
gsuite/facebook etc etc. Is this possible w/ FreeIPA?
Also,
Searching through google I found this - Ipsilon <
https://ipsilon-project.org/>.
Would you recommend I use that?
Ipsilon
By Ipsilon Project
Ipsilon identity provider project homepage
<
https://ipsilon-project.org/>
Thank you!
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org