-
Story
-
Resolution: Won't Do
-
Undefined
-
None
-
None
-
None
-
None
-
rhel-sst-idm-ipa
-
ssg_idm
-
0
-
False
-
-
None
-
None
-
None
-
None
-
Unspecified
-
Unspecified
-
Unspecified
-
None
Feature Overview
Customer has remote users running Windows laptops that are not administered with IdM. They require the ability to connect to RHEL systems that are administered using IdM. They are able to use CAC authentication to ssh into the aforementioned RHEL systems, however, no kerberos ticket is generated. They are able to manually generated a kerberos ticket with kinit once they've gained access to the RHEL systems, however they must enter a username/password to do this. Customer's security office has required removal of username/password authentication for all non-admin users and since manually generating a kerberos ticket in order to access other IdM-managed RHEL devices requires username/password auth, they have not been able to remove user/pw auth in their environment.
Goals
This hybrid sort of environment utilized by the customer seems as though that could possibly be not that uncommon especially in the government space. Having ssh key-based kerberos authentication would help those environments that are moving towards a CAC-only authentication setup.
Requirements
A list of specific needs or objectives that a Feature must deliver to satisfy the Feature.. Some requirements will be flagged as MVP. If an MVP gets shifted, the feature shifts. If a non MVP requirement slips, it does not shift the feature.
| requirement | Notes | isMvp? |
I'm not aware of any requirements. Also, apologies in advance if this is not in the right project.
(Optional) Use Cases
< How will the user interact with this feature? >
< Which users will use this and when will they use it? >
< Is this feature used as part of current user interface? >
Out of Scope
Background, and strategic fit
< What does the person writing code, testing, documenting need to know? >
Assumptions
< Are there assumptions being made regarding prerequisites and dependencies?>
< Are there assumptions about hardware, software or people resources?>
Customer Considerations
< Are there specific customer environments that need to be considered (such as working with existing h/w and software)?>
<Are there Upgrade considerations that customers need to account for, or that the Feature should address on behalf of the customer?>
<Does the Feature introduce data that could be gathered and used for Insights purposes?>
Documentation Considerations
< What educational or reference material (docs) is required to support this product feature? For users/admins? Other functions (security officers, etc)? >
<What does success look like?>
< Does this feature have doc impact? Possible values are: New Content, Updates to existing content, Release Note, or No Doc Impact>
<If unsure and no Technical Writer is available, please contact Content Strategy. If yes, complete the following.>
- <What concepts do customers need to understand to be successful in [action]?>
- <How do we expect customers will use the feature? For what purpose(s)?>
- <What reference material might a customer want/need to complete [action]?>
- <Is there source material that can be used as reference for the Technical Writer in writing the content? If yes, please link if available. >
- <What is the doc impact (New Content, Updates to existing content, or Release Note)?>
Interoperability Considerations
< Which other products and versions in our portfolio does this feature impact? >
<If other products will be impacted set the ‘LP_Interop’ label on the Feature>
< What interoperability test scenarios should be factored by the layered product(s)? >
Questions
| Question | Outcome |
