fedora-packager

Clone

7d80679 Add pkinit config and ipa certs

Authored and Committed by ryanlerch 3 years ago
raw patch tree parent
6 files changed. 62 lines added. 1 lines removed.
Makefile.am
file modified
+6 -0
fedora-packager.spec
file modified
+5 -1
ipa_ca/fedoraproject_ipa_ca.crt
file added
+22
ipa_ca/stg_fedoraproject_ipa_ca.crt
file added
+27
krb-configs/fedoraproject_org
file modified
+1 -0
krb-configs/stg_fedoraproject_org
file modified
+1 -0 
    Add pkinit config and ipa certs
    
    In the FAS replacement being rolled out in 2021, that uses freeipa and
    noggin, if a user has 2FA enabled, they need some extra configuration to
    get kinit working with 2FA. This adds this configuration and the
    required certificates to get it working.
    
    If a user has 2FA enabled and needs to get a kerberos ticket,
    
    First they bneed to Run the following command to initialize the
    credentials cache. Note that this command creates the `armor.ccache`
    file that you will need to point to whenever you request a new kerberos
    ticket
    
     kinit -n @FEDORAPROJECT.ORG -c FILE:armor.ccache
    
    Finally, request the kerberos ticket with the following command:
    
     kinit -T FILE:armor.ccache <username>@FEDORAPROJECT.ORG
    
    You will be presented with the following prompt, be sure to
    *Enter your password first, followed by the OTP Token Value*:
    
     Enter OTP Token Value:
    
    Signed-off-by: Ryan Lerch <rlerch@redhat.com>
file modified
+6 -0
file modified
+5 -1
file added
+22
file added
+27
file modified
+1 -0
file modified
+1 -0
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.