As this is my sixth post on Identity Management, I thought it would first be wise to explain (and link back to) my previous efforts. My first post kicked off the series by outlining challenges associated with interoperability in the modern enterprise. My second post explored how the integration gap between Linux systems and Active Directory emerged, how it was formerly addressed, and what options are available now. My third post outlined the set of criteria with which one is able to examine various integration options. And my most recent entries, posts four and five, reviewed options for direct and indirect integration, respectively.
Delving deeper into the world of indirect integration (i.e. utilizing a trust-based approach), two of the biggest questions are often: “Where are my users?” and “Where does authentication actually happen?” As opposed to a solution that relies upon synchronization, authentication in the trust-based approach actually happens wherever the user entry and his or her respective password are stored. If an AD user is authenticating (regardless of which resource he or she is accessing), they will be authenticated by the AD domain that they belong to. This is accomplished by the client software (e.g. SSSD) being intelligent enough to realize that the user is stored in AD, while the system itself may be a member server of IdM. In this scenario, SSSD will interact with AD directly to perform user authentication.
One of the only caveats is that IdM has to deal with old Linux and UNIX systems that oftentimes do not have the latest version of SSSD. To address the needs of these legacy Linux and UNIX clients, IdM acts as a proxy server by caching identity data. In fact, IdM uses SSSD on the server in a special configuration to collect information from AD and perform authentication, exposing the data in a so-called compatibility tree.
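The two client paths described above, as an added sssd.conf illustration that is not from the original post or from Red Hat documentation. Only the `[domain/...]` sections are shown, and the host names, the `ipa.example.com` domain and the CA certificate path are constructed placeholders.

```ini
# --- Host A: current client, enrolled in IdM (/etc/sssd/sssd.conf) ---
# The ipa provider learns about the trusted AD domain from IdM, so an AD
# user logging in here is authenticated by a domain controller of the
# AD domain the user belongs to, not by IdM.
[domain/ipa.example.com]
id_provider = ipa
auth_provider = ipa
ipa_domain = ipa.example.com
ipa_server = idm1.ipa.example.com
ipa_hostname = hosta.ipa.example.com
cache_credentials = True

# --- Host B: legacy client without trust support (/etc/sssd/sssd.conf) ---
# This client only speaks plain LDAP. It is pointed at the compatibility
# tree on the IdM server, which exposes both IdM and AD users.
# Identity lookups and password checks go to IdM, and IdM (through its
# own SSSD) forwards AD users' authentication to AD on the client's behalf.
[domain/default]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://idm1.ipa.example.com
ldap_search_base = cn=compat,dc=ipa,dc=example,dc=com
# CA certificate used to validate the IdM server's TLS certificate
ldap_tls_cacert = /etc/openldap/cacerts/ipa.crt
cache_credentials = True
```

On Host B the user's password is sent to the IdM server inside the LDAP bind, so the TLS validation settings on that client decide whether the credential is exposed in transit.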
To learn more about what’s going on “under the hood”, FreeIPA hosts an information slide deck here.
Finally, it’s worth noting that the above-mentioned functionality is a part of IdM and is available today as a part of Red Hat Enterprise Linux 7. For additional information you can review the available documentation in the Red Hat Customer Portal.