FreeIPA is an integrated security information management solution combining Linux (Fedora), Fedora Directory Server, NTP, DNS...
FreeIPA (so far) is an integrated solution combining:
· Linux (currently Fedora)
· Fedora Directory Server
· MIT Kerberos
· Web and command-line provisioning and administration tools
Version 1 will focus on:
· Allowing an administrator to quickly install, set up, and administer one or more IPA servers for centralized authentication and user identity management.
Version 2 will focus on:
· Adding DNS and Certificate Authority to the IPA core
· Allowing an admin to join a machine to an IPA realm
· Providing a Kerberos principal and cert to the joined machine
· Providing service keytabs and service certificates to services
· Managing the keytabs and certificates once provided
· Plug-in architecture for IPA extensibility. FreeRADIUS as a first plug-in.
· IPA Client code for managing authentication, authorization, caching, connection
· Policy. Centrally managed sudoers/netgroups, SELinux role-based access
· Audit. Centrally collected audit logs from IPA servers and from IPA clients
Why Use FreeIPA?
For efficiency, compliance and risk mitigation, organizations need to centrally manage and correlate vital security information including:
· Identity (machine, user, virtual machines, groups, authentication credentials)
· Policy (configuration settings, access control information)
· Audit (events, logs, analysis thereof)
Because of its vital importance and the way it is interrelated, we think identity, policy, and audit information should be open, interoperable, and manageable. Our focus is on making identity, policy, and audit easy to centrally manage for the Linux and Unix world. Of course, we will need to interoperate well with Windows and much more.
We are looking to take concrete and useful steps, and so have chosen initially to focus on identity solutions for the Unix/Linux world.
We intend to tackle centralized management of policy and audit information next.