<div dir="ltr"><div><div><div><div><div>Hi all;<br><br></div>I'm working on an initiative
to centralize user accounts in Active Directory. We have a large RHEL
(6+) footprint and want to manage these as well. I am a Red Hat Engineer
on the project and, while it is possible to integrate all of the RHEL
clients directly to AD, I have a nagging feeling that using IdM as an
intermediary would be a good approach. However, I have never implemented
it and experienced the solidity of integration with AD so I can't
formulate a solid argument at this point.<br><br></div>My primary belief
is that using IdM would allow the Unix administrators better
control over their environment. However, even in that case we also have
Satellite so we likely wouldn't use IdM for policy centralization. I'm
curious whether it is possible to store all user, group and system
objects in Active Directory and then allow the configuration of host-based
access control policies from IdM using those AD objects. That
might be one argument for it. As an add-on to that question, how is the
HBAC actually implemented in IdM? It doesn't simply push down a policy
for pam_access, does it?<br><br></div>Also, if users were configured with
Smart Card information in AD, could these users authenticate to Linux
clients with IdM as an intermediary?<br><br></div>Thanks ahead of time!<span class=""><font color="#888888"><br></font></span></div><span class=""><font color="#888888">-LK</font></span></div>