On ke, 04 huhti 2018, Michael Rainey (Contractor, Code 7320) via FreeIPA-users wrote:
Greetings,
My organization is working to remove the need for passwords for its
end-users. While moving forward on this project I have noticed after
logging into a system the user is never given a TGT after login. A
TGT can be obtained by using kinit and entering a password, but this
defeats the purpose eliminating the use of passwords. Is there some
guidance I can follow to configure freeIPA to obtain a TGT at login.
So farmy searches have come up empty.
Is this type of configuration handled by SSSD or do I need to
configure kerberos?
Any guidance is greatly appreciated.
What type of a login do you talk about? SSH
access, console login, using
graphical environment, etc?
Login without password is possible to achieve multiple ways. Which one
is in use here?
A bit more details on what is the workflow in use would help.
--
/ Alexander Bokovoy