We have several Linux machines (running various versions of Fedora and CentOS, but that should not be relevant) with local users. Most of those local users have the same login name but might have different UID/GID based on when and by whom they were created. We want to sanitise this state of affairs and settled on FreeIPA.
How can I map the already existing local Linux users to the FreeIPA user?
Just to be extra clear: Given I have a local user called abc on machine ook and a FreeIPA user called abc, and ook is set up as a FreeIPA host with access for ook, when I ssh into ook as abc (via ssh abc@ook) then I am prompted for the password from FreeIPA. Better yet since I defined a public key for user abc I should log in without a password provided that I am authenticated and authorised on ook. The ~abc is whatever was present in the local account (before FreeIPA was introduced) and not another account with the same login name but different UID/GID.
Is this possible?
Clearly, this is related to https://serverfault.com/q/754922/132934.