Currently am I looking for a workable solution for the following situation:
Let's say that an ipa client has been stolen (or compromised). What can we
do to block all access from it, towards IPA (and rest)
For example if we use the command "ipa host-disable" it's noticed that IPA
users are no longer able to login into the system. But if you log into the
system as root. Then you can still run (successfully) the command kinit, and
optain a ticket for it.
Even if you delete the host from the directory, the behavior remains the
same.
Can this anyhow be blocked.
Regards,
Daniel
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
