Identity Management Using IPA in CentOS and RHEL

UPDATED 8 Jan 2016 to include RHEL 7 IPA (Linux Domain) document which also applies to CentOS 7. I have also added a section at the bottom for Active Directory organizations desiring to add Linux IPA client systems directly to a Windows domain without any IPA Server. Thanks for reading!

CentOS and RHEL (6.x & 7.x) ship with an Identity Management (IDM) system similar in features to Active Directory. This IDM is built upon code developed by the FreeIPA team. IPA is short for Identity Policy and Audit. In RHEL 6 / CentOS 6, the IPA solution is often referred to as “Identity Management.” In RHEL 7 / CentOS 7, the IPA solution is now also referred to as “Linux Domain.”

Kerberos, LDAP, Certificate Services, and Secure Dynamic DNS services are all integrated with a common configuration to provide central authentication and systems management for your Linux deployments. This “IPA” enables organizations to take Linux out of toy lab use and into large production deployments without sacrificing security or manageability.

If your organization already manages Windows accounts and systems using the extremely popular Microsoft Active Directory (AD), I recommend you consider joining your Linux systems directly to your Windows domain with the FreeIPA client known as “SSSD” (System Security Services Daemon). Recent versions of SSSD have near-native Active Directory client support, which lets hybrid environments avoid the hassle of installing and running Linux IPA Servers. See the official Active Directory integration document for RHEL 7 for some hints on successfully using RHEL 7 / CentOS 7 systems on your Windows Domain with the IPA Client (SSSD) – specifically the section regarding realmd.
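Once a host is joined to AD through realmd and SSSD, the first thing worth checking is which domain accounts may actually log in to it. The following is an added example, not part of the original post: it reads an `sssd.conf` and reports the login scope of each AD-backed domain. The function name `audit_ad_domains`, the domains `example.com` and `lab.example.com`, and the group `linux-admins` are assumptions made for illustration.

```python
import configparser

# Constructed sample: the shape of sssd.conf after a realmd-driven AD join.
# example.com, lab.example.com and linux-admins are placeholders.
SAMPLE = """
[sssd]
domains = example.com, lab.example.com
config_file_version = 2
services = nss, pam

[domain/example.com]
id_provider = ad
ad_domain = example.com
krb5_realm = EXAMPLE.COM
access_provider = simple
simple_allow_groups = linux-admins

[domain/lab.example.com]
id_provider = ad
ad_domain = lab.example.com
"""
SIMPLE_LISTS = ("simple_allow_users", "simple_allow_groups",
                "simple_deny_users", "simple_deny_groups")

def audit_ad_domains(conf_text):
    """Map each enabled AD-backed SSSD domain to a list of login-scope findings."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    enabled = [d.strip() for d in cp.get("sssd", "domains", fallback="").split(",")]
    report = {}
    for name in filter(None, enabled):
        section = "domain/" + name
        if not cp.has_section(section):
            report[name] = ["enabled in [sssd] but has no [domain/...] section"]
            continue
        dom = cp[section]
        if dom.get("id_provider", "").strip().lower() != "ad":
            continue  # only AD-joined domains are in scope here
        access = dom.get("access_provider", "permit").strip().lower()
        findings = []
        if access == "permit":  # also the value SSSD uses when the key is absent
            findings.append("access_provider is permit: any domain user may log in")
        elif access == "simple" and not any(dom.get(k) for k in SIMPLE_LISTS):
            findings.append("access_provider is simple with no allow/deny list: every user is allowed")
        elif access == "ad" and not dom.get("ad_access_filter"):
            findings.append("access_provider is ad without ad_access_filter: limited only by account expiry and GPO")
        report[name] = findings
    return report

if __name__ == "__main__":
    for domain, findings in audit_ad_domains(SAMPLE).items():
        print(domain, "->", findings or "login scope is restricted")
```

An empty findings list means the domain has an explicit restriction in place; on a real host, pass the contents of `/etc/sssd/sssd.conf` instead of the sample.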

About notesbytom

Keeping technology notes on to free up my mind to solve new problems rather than figuring out the same ones repeatedly :-).