My understanding is that before the agent can be used to assume an AWS role, each user must authenticate and receive a token from the hologram server. To do this one must use the hologram-authorize utility.
When I try to authorize with the hologram, the server does a search for my user and tries to compare the MD5 password hash along with my SSH public key with the one in LDAP. I use FreeIPA as my LDAP server. When hologram searches for my user, the results do not contain the userPassword field.
So I have a few questions:
Should my LDAP server return the userPassword md5 hash value? (doesn't seem like a secure thing to do)
Or am I doing something wrong?
I am open to the possibility that I am doing something wrong in some manner, but I am not able to discern that from the hologram documentation.