Allow users to authenticate as different users using SSH public key authentication. Allow admins to manage who can impersonate who. This would be useful for special services which perform actions on a server on behalf of a user.
It's SSH bug, but: Is there any support in Kerberos? I think it's generally possible (I heard about somethink like ticket delegation.)
It can be more general/powerfull then SSH delegation. AFAIK it should be possible to delegate only one ticket to one service with limited lifetime or something like that. It can simplify enforcing time limitation and so on.
It is not a kerberos auth it is an SSH key auth in this case.
Metadata Update from @jcholast: - Issue assigned to jcholast - Issue set to the milestone: Ticket Backlog
Thank you taking time to submit this request for FreeIPA. Unfortunately this bug was not given priority and the team lacks the capacity to work on it at this time.
Given that we are unable to fulfil this request I am closing the issue as wontfix. To request re-consideration of this decision please reopen this issue and provide additional technical details about its importance to you.
Metadata Update from @rcritten: - Issue close_status updated to: wontfix - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.