[Freeipa-users] Some interrogations about the freeipa deployment

[Steven Jones]

Hi,

I have all done this, so from what you write I think IPA would be a good fit for what you want, except that is the single sign on bit I have not looked to see if that can be done. For http restart you control that via sudo in IPA so its centrally managed, I have this working for one such server though I use the reload option instead.

I would also not run one instance of IPA myself but with such a small site that's your call.


regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

________________________________
From: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com] on behalf of Bob Sauvage [Bob.sauvage at gmx.fr]
Sent: Wednesday, 23 January 2013 9:51 a.m.
To: freeipa-users at redhat.com
Subject: [Freeipa-users] Some interrogations about the freeipa deployment

Hi *,

I plan to review the network architecture of my office. 10 Windows/Linux desktops and 2 Linux servers will be deployed on the network.

I want to install freeipa on the first server to act like an AD DS. I want to authenticate users on the server and controlling what can be done or not by them on the network. 10 other linux web servers should be accessible (console) by specific users and without the need to authenticating again (single sign on). On these web servers,  users can issue specific commands like "/etc/init.d/httpd restart".

Is it possible to achive this with freeipa ?  Do you have some articles ?

Thanks in advance,

Bob !
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20130122/4bb9b934/attachment.htm>