[Freeipa-users] Assessment of FreeIPA for local central authentication and user management service for a single server with multiple services in need for AA

Dmitri Pal dpal at redhat.com
Tue Mar 27 13:19:11 UTC 2012


On 03/27/2012 04:32 AM, Oguz Yilmaz wrote:
> Hello,
>
> I plan to implement a common authentication and authorization system
> for several Linux applications. My research has redirected me to
> FreeIPA, and I am happy to know about such a good project.
>
> However, I don't have any purpose of managing non-windows computers and
> users. This is a one gateway box, single machine system.
>
> My planned system has several services. Some examples to use that AA
> system are: xl2tpd, pptpd, openvpn, squid and some custom made web
> applications.
>
> I need the following functions for those services and applications:
>
> - User authentication
> - User roles and authorization (vpnuser, manager, webuser...)
> - User, role and credentials management (creating users by admin,
> password changes by users,...)
> - AD and radius sync or proxying AA.
>
> The services can be connected to the AA system through an
> authenticator system binary. Binary is called with user credentials
> and service requesting AA; and results in grant or reject. System
> services may use this binary for checking authentication and
> authorization.
>
> Do you think FreeIPA is a good choice? What would you suggest, otherwise?
>

From a high level, yes, it seems like a good choice, but the devil is in the details.
IPA does everything you listed but it might do it in a different way
from how you envision it.
You might find that a pure DS server would be more flexible for you. But
it would not be clear up until you give it a try.
I suggest you give it a try and make up your mind based on the experience
and quick evaluation.
Looking at your requirements I would bet that IPA would work for you
just fine.


This authenticator system binary that you mention, is it custom code or
something off the shelf? Is it LDAP based or does it use PAM? Is it something
like kinit?

> Best Regards,
>
>
> --
> Oguz YILMAZ


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.

