[Freeipa-users] Desperate help requested.

Mark St. Laurent mstlaure at redhat.com
Tue Aug 28 18:36:54 UTC 2012


Don't forget security policies and governance... I am in the federal space, but know that regulations such as Sarbanes-Oxley and HIPAA, FETPA, PCI, FERC, and Gramm-Leach-Bliley and audits are important in the commercial space.

Regulations and compliance force companies to become stricter with IT security and access management. Of course, it’s still possible to be compliant without identity governance, but the odds of encountering mistakes and less-than-perfect audits rise considerably.


Identity governance is the automated control of user identity in order to manage access to company data. Typically, this pertains to business insiders, such as employees, partners, contractors, and so on. 


Perhaps you need to explain the situation in your boss's boss's boss's language...


Industries and companies are subject to a web of regulations that impose strict legal requirements with regard to the handling of information. A failure on your organization's part to comply with these laws can lead to fines, costly litigation, negative publicity, and lost business opportunities. 


Attached is one of our Red Hat Summit slides you can dig through to get good information to back your case. Every slide will just about help you out.



Best regards, 



Norman "Mark" St. Laurent 
Federal Team: Senior Solutions Architect 
Red Hat 
8260 Greensboro Drive, Suite 300 
McLean VA, 22102 
Email: msl at redhat.com 
Cell: 703.772.1434 

Check this Link out!!! Cool Stuff: http://mil-oss.org/ 

----- Original Message -----

From: "Duncan Innes" <Duncan.Innes at virginmoney.com> 
To: "KodaK" <sakodak at gmail.com>, freeipa-users at redhat.com 
Sent: Tuesday, August 28, 2012 3:19:33 AM 
Subject: Re: [Freeipa-users] Desperate help requested. 

> -----Original Message----- 
> From: freeipa-users-bounces at redhat.com 
> [mailto:freeipa-users-bounces at redhat.com] On Behalf Of KodaK 
> Sent: 26 August 2012 05:06 
> To: freeipa-users at redhat.com 
> Subject: [Freeipa-users] Desperate help requested. 
> 
> I've just been informed by my boss's boss's boss that, and I 
> quote from his ridiculous email: 
> 
> "we cannot use anything other than MS AD for authentication" 
> 
> I've spent months of time and much effort rolling out IPA, 
> consolidating authentication across our Linux and AIX 
> machines. To paraphrase Babbage: I am not able rightly to 
> apprehend the kind of confusion of ideas that could provoke 
> such a statement. 
> 
> Regardless, I need some help. I need some help with 
> comparisons between FreeIPA and AD, and the problems and 
> issues one might encounter when trying to authenticate Unix 
> machines against AD. 
> Anything that can show IPA being superior to AD for *nix 
> authentication. Anything at all. We have a similar number 
> of AIX and Linux servers. We have a week before we have a 
> meeting to discuss this, and I'd like to be armed to the 
> teeth, if at all possible. 
> 
> Thanks for any help you can give. And wish me luck. 
> 
> Thanks, 
> 
> --Jason 
> 

I faced a similar situation recently, but my version wasn't worded so 
harshly. 

The line to take has already been pointed out - IPA managed sudo & 
SELinux from a central point. These concepts are entirely outwith the 
capabilities of Active Directory. You could also state the 
yet-to-be-developed 'A' part of IPA for any Auditing requirements. 

We also emphasised here that AD was written purely for Windows domains 
and that the effort put in to allowing extra schema for Unix domains is 
really not ideal. 

You should state, if you have not already done so, that you plan to link 
the AD and IPA domains (via a trust or a sync). That will allay any 
fears that users will have different passwords or even usernames to 
access various machines. 

So your boss's boss's boss can be assured that you are *authenticating* 
against AD, but you should still be able to have IPA in there to manage 
the idiosyncrasies of the Unix estate. 

Hope this helps 

Duncan 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: newlands_managing_identity_and_access.pdf
Type: application/pdf
Size: 657482 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120828/d04f9233/attachment.pdf>

