Currently, certificates can be issued only for hosts and services. For some of the use cases, like authentication of services with SSL certificates (example freeipa-users request), FreeIPA should be able to also issue certificate for (system) users.
FreeIPA should be able to issue the certificates for both standard POSIX users and for system users (users with limited objectclasses and no password expiration policy).
Prerequisites: multiple cert profiles (#57), system users API (#2801).
The system should be able to get user certificates either by certmonger or FreeIPA API. Certmonger already support different profiles but IPA throws it away.
This is already planned for FreeIPA 4.2, part of Fraser's work on (#57).
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1200735
master:
The functionality is there. From now on, the feature is in bugfixing mode.
Metadata Update from @mkosek: - Issue assigned to ftweedal - Issue set to the milestone: FreeIPA 4.2
Login to comment on this ticket.