May 9th meeting: FreeIPA


Topic: FreeIPA
Presenters: Jeremy Agee & Chris Hudson
When: Thursday, May 9, 7pm
Where: Red Hat HQ, NCSU Centennial Campus, 1801 Varsity Dr, Raleigh, NC
Map: Google Maps
Video: G+ Hangout Live and on YouTube [live stream, then archived on YouTube]
Slides: Slides [ODP], Install Log [TXT], Demo Video [YouTube]

FreeIPA is an integrated Identity and Authentication solution for Linux/UNIX networked environments. A FreeIPA server provides centralized authentication, authorization and account information by storing data about users, groups, hosts and other objects necessary to manage the security aspects of a network of computers.

This talk will describe the different parts of IPA and what each one does:

  • What is an IdM system and why do I need one?
  • What do we need to manage?
  • Overview of how these parts work together: NTP, LDAP, PKI, KDC, HTTPD, and DNS
  • Client parts: sssd, certmonger

The talk will then switch to a live demo of installing and configuring a FreeIPA server and adding a client to the IPA infrastructure. The demo will cover the CLI and Web UI for admins, DNS management, krb5+nfs4 for file access, SSO for ssh + key management, and sssd caching for when IPA servers are unavailable (anyone use a laptop?).

If there is enough time after the demo, we can go into enterprise features like HBAC, sudo rules, automount maps, SELinux users, and AD cross-realm trusts.