Tutorial: Identity Management with FreeIPA
- Published 1 Oct 2024
- Fraser Tweedale
linux.conf.au/...
FreeIPA is an integrated identity management solution providing
centralised user, host and service management, authentication and
authorisation in Linux/UNIX networked environments, with a focus on
ease of deployment and management. It is built on top of well-known
Open Source technologies and standards including 389 Directory
Server, MIT Kerberos and Dogtag Certificate System.
This hands-on workshop will provide participants with a comprehensive
introduction to FreeIPA including server deployment and
administration, client machine enrolment, and configuring server
software to use FreeIPA's centralised identity and policy store.
Participants will:
- Install a FreeIPA server and replica
- Enrol client machines in the domain
- Create and administer users
- Manage host-based access control (HBAC) policies
- Issue X.509 certificates for network services
- Configure a web server to use FreeIPA for user authentication and
access control
There will be a number of elective units which participants can
choose, based on their progress and particular use cases:
- OTP two-factor authentication
- Advanced certificate management: profiles, sub-CAs and user
certificates
- OpenSSH key management
- Federated identity with Ipsilon
- User self-service secret management
- ...and more!
If you are planning to attend the workshop please note that *some preparation is strongly advised*.
Preparation steps are outlined at
github.com/fre....
In brief, it amounts to "install Vagrant and VirtualBox, and download the VM image" so that you are ready to ``vagrant up`` at the start of the workshop. The ``libvirt`` provider is also supported.
I have a replicated multi-master environment of FreeIPA servers. Now if I lose the 1st master server, how can I promote the 2nd replicated master in place of the 1st master server?
Hi,
Thank you for the informative video. I have built a FreeIPA server in my environment. I need to authenticate Windows 7 clients in a workgroup. With the help of the following URL (www.freeipa.org/page/Windows_authentication_against_FreeIPA) I have made the setup. I have created a local account on the client, the same as the one in the REALM domain.
It is showing the domain as TESTLAB.COM, but while entering the credentials it is showing 'There is no logon server available'. I have stopped the firewall on both the Windows and IPA server. Expecting a good suggestion to resolve the issue. Thanks in advance.
Is there a best practice to deploy FreeIPA in Docker Swarm?
Can we enroll Mac clients to FreeIPA?
Is there anybody who can present this shit without putting me to sleep?
It is physically impossible to make identity management interesting.