Hello,
Without a password, you have logged in to the client1 system with the help of the ticket cache: KEYRING:persistent:0:0
If you want to configure your own SSO (Single Sign-On) using FreeIPA and are interested in knowing more about its functionality and operation, this post will help you a lot.
Let's start:
1. First of all, you have to configure Red Hat IdM, which is also known as FreeIPA. I wrote a post about this a few weeks ago, where I explained all the steps in detail. Please click here for detailed steps.
Or copy and paste the URL below into your web browser:
2. Once the master-side configuration has been completed, you have to configure the FreeIPA client, that is, the client-side configuration. I have written a post for this as well, where I explained all the steps in detail. Please click here for detailed steps.
Or copy and paste the URL below into your web browser:
After this, let's take an example where rkumar tries to access client1 using ssh. Both client1 and client2 are enrolled hosts of your IPA (master).
Note: When a user logs in for the first time, the password is expired by default, so you have to reset it.
[root@client2 ~]# ssh rkumar@client1.example.com
Password:
Password expired. Change your password now.
Current Password:
New password:
Retype new password:
Creating home directory for rkumar.
-sh-4.2$
The rkumar user gets a shell, which means you have logged in to the client1 system over ssh as rkumar, but you had to enter rkumar's password.
Log out rkumar for now so that you can test the second, more important scenario.
-sh-4.2$ logout
Connection to client1.example.com closed.
[root@client2 ~]# kinit rkumar
Password for rkumar@EXAMPLE.COM:
[root@client2 ~]# klist
Ticket cache: KEYRING:persistent:0:0
Default principal: rkumar@EXAMPLE.COM
Valid starting       Expires              Service principal
12/24/2018 11:18:10  12/25/2018 11:18:03  krbtgt/EXAMPLE.COM@EXAMPLE.COM
[root@client2 ~]# ssh rkumar@client1.example.com
Last login: Mon Dec 24 11:17:03 2018 from 192.168.1.104
-sh-4.2$
This is not limited to SSH. It is a big deal: with its help you can log in using all the protocols that are running on these machines.
In this example client1 is ssh server for client2.
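As an added example (not part of the original post), the script below reads a klist listing like the one above and reports whether the krbtgt ticket is still valid at a given time. The names tgt_status, sample_klist and sso_ssh are hypothetical, and the MM/DD/YYYY date format is assumed from the listing above; sso_ssh restricts ssh to GSSAPI so that a password or key fallback cannot be mistaken for SSO.

```shell
#!/bin/sh
# Added example: check a klist listing for a usable TGT before relying on SSO.
# Assumes the MM/DD/YYYY HH:MM:SS date format shown in the klist output above.

# tgt_status NOW  (NOW = YYYYMMDDHHMMSS); reads klist output on stdin.
# Prints "<principal> valid", "<principal> expired" or "<principal> missing"
# ("none" is printed as the principal when no default principal is listed).
tgt_status() {
    awk -v now="$1" '
        # Turn "MM/DD/YYYY" + "HH:MM:SS" into a sortable YYYYMMDDHHMMSS string.
        function stamp(d, t,    p, q) {
            split(d, p, "/"); split(t, q, ":")
            return p[3] p[1] p[2] q[1] q[2] q[3]
        }
        /^Default principal:/ { princ = $3 }
        # Ticket rows: start-date start-time end-date end-time service
        $5 ~ /^krbtgt\// {
            found = 1
            if (stamp($3, $4) > (now "")) ok = 1   # compare as strings
        }
        END {
            if (princ == "") princ = "none"
            if (!found)  print princ, "missing"
            else if (ok) print princ, "valid"
            else         print princ, "expired"
        }'
}

# Constructed sample: the klist listing from the walkthrough above.
sample_klist() {
    cat <<'EOF'
Ticket cache: KEYRING:persistent:0:0
Default principal: rkumar@EXAMPLE.COM

Valid starting       Expires              Service principal
12/24/2018 11:18:10  12/25/2018 11:18:03  krbtgt/EXAMPLE.COM@EXAMPLE.COM
EOF
}

# Hypothetical wrapper: log in only if Kerberos (GSSAPI) succeeds, so a silent
# fallback to password or key authentication cannot be mistaken for SSO.
sso_ssh() {
    klist -s || { echo "no valid ticket cache, run kinit first" >&2; return 1; }
    ssh -o PreferredAuthentications=gssapi-with-mic \
        -o GSSAPIAuthentication=yes "$@"
}
```

On a live client, `klist | tgt_status "$(date +%Y%m%d%H%M%S)"` gives the current status, and `sso_ssh rkumar@client1.example.com` fails outright instead of prompting for a password when no ticket is available.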
That's all, guys. Your own SSO is ready, and you can manipulate it as per your requirements.