[Freeipa-users] FreeIPA and others
John Dennis
jdennis at redhat.com
Fri May 11 19:23:01 UTC 2012
On 05/11/2012 02:18 PM, Chandan Kumar wrote:
> Hi All,
>
> I was considering different centralized authentication/authorization
> services such as FreeIPA, 389 and Open ldap to deploy into our network
> in order to have a good centralized user authentication/authorization
> machanism. I was wondering what are they key that FreeIPA provides as
> compared to other directory servies in terms of extra feature, ease of
> deployment and use etc.
FreeIPA is an integrated solution that includes DNS, kerberos SSO, host
management, HBAC, role based authorization, integration with SSSD,
sophisticated group management, sudo support, certificate management,
can replace NIS and netgroups, supports replication for redundant
servers, etc. It supports both a scriptable command line utility set as
well as a web based GUI. The next version will include support for cross
realm trusts allowing for powerful integration with Active Directory.
FreeIPA is built on top of 389 DS, MIT Kerberos KDC and the Dogtag
certificate management system. Openldap is well, just an LDAP server
(some assembly required).
The whole idea of FreeIPA is to take the basic primitive services
supplied by an LDAP server but make it vastly more powerful by layering
a lot of sophisticated functionality on top it which is fully integrated
and easy to use.
--
John Dennis <jdennis at redhat.com>
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
More information about the Freeipa-users
mailing list