Security
Fedora's FreeIPA offers identity, security services
An ambitious open source project hopes to provide a unified directory and authentication server, but needs more interoperability work to become a viable competitor for Novell Identity Manager or Microsoft Active Directory.
Fedora 9, released last month, included the first release of FreeIPA, a new free/open source project that comes out of Red Hat with the goal of becoming a complete and integrated security information management solution. In this article we take a look at exactly what FreeIPA is, both what it can do now and what its developers hope it will be capable of in the future. It seems destined to become a key feature of Red Hat Enterprise Linux 6, and with Fedora 9 released and FreeIPA tightly integrated, now seems to be the perfect time to explore this new technology.
Related links
No results were found for your search.
Your query is too restrictive.
You might want to try: security
Story tools
Sponsored by:
E-Mail article
|
|
Print article
|
|
Contact author
|
|
AIM article
|
del.icio.us |
Reddit
|
Digg
|
Stumble
|
Slashdot It!
|
FreeIPA 1.0
The project has been running for a year and has recently made its 1.0 release. While the "IPA" part of the name stands for Identity, Policy and Auditing, the current focus is solely on providing the tools to make the identity part of the solution work, with the others being targeted for future releases. This includes the ability to centrally authenticate and administer user identities, functionality which is available in the 1.0 release through the unification of the Fedora Directory Server and MIT Kerberos, with plans to provide similar functionality for machines and services over the coming year.
Beyond the core functionality, the 1.0 release targeted simplifying the installation and configuration of the IPA environment, along with interfaces that will allow systems administrators to interact with the tool in an efficient manner. Both a command line and a web GUI are available in the 1.0 release, along with installation scripts that walk the administrator through the initial configuration.
Beyond 1.0
Once the identity functionality is in place with regard to machines and services as well as users, the plan is to use the information generated to allow systems administrators to build security policies. Perhaps the two most important features planned for this side of FreeIPA are the ability to centrally manage Fedora servers and their accompanying SELinux policies. The technology has not been developed solely with Fedora in mind either, but is designed to be compatible with all of the major UNIX OSs. Not all UNIX versions, of course are capable of all of the features and so these would be restricted to certain platforms. SELinux, for example, is Linux-only. Most significant, however, is the planned ability to be capable of applying policies to individual boxes depending on which group they belong to, including the ability to target virtual machines separate from their physical hosts.
| Use this form to start a public discussion with other Linux World users on this article. Log In | Register for an account (Why you should) |
Note: Register to have your user name appear; otherwise your comment will show up as "Anonymous."
*Anonymous comments will only appear once they are approved by the moderator.
• Dell puts Linux and Atom in Vostro PCs
• Mozilla names best Firefox 3 add-ons
• Torvalds: Fed up with the 'security circus'
• Dell Latitude ON - big win for Linux
• Open source advocates hail appeals court ruling
LinuxWorld Conference and Expo San Francisco, August 4-7, 2008.
Linux Plumbers Conference Portland, OR, Sept. 16-19, 2008.
FreedomHEC Santa Monica, November 8-9, 2008.