[Freeipa-users] FreeIPA and others
John Dennis
jdennis at redhat.com
Fri May 11 20:16:01 UTC 2012
On 05/11/2012 03:51 PM, Chandan Kumar wrote:
> Thanks John for reply.
>
> Ok. So basically it integrate various subsystems required to have a full
> fledged AAA system and give the end user a single controlling interface
> to control various components.
Excellent summary.
> So will its webgui enable to control 389, Krb and Radius configurations
> too?
The web gui controls 389 and KRB configuration and the data those
services operate on.
We currently do not support radius, however it's on the roadmap. A
fundamental problem with radius is many of the authentication protocols
used in radius require access to a cleartext password or hash. So far
we've been assiduous in not storing and exposing this material for
security reasons. There are possible solutions but we've decided there
are more import features to address first.
> Because if I see each of these components individually each needs
> to be setup separately with lot of pain.
Absolutely, the pain threshold of setting those component up and getting
them to play together is high. One of the primary design goals of
FreeIPA is to eliminate those pain points so you can focus on
administrating your user base.
--
John Dennis <jdennis at redhat.com>
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
More information about the Freeipa-users
mailing list