On 03/27/2012 04:32 AM, Oguz Yilmaz wrote:
> I plan to implement a common authentication and authorization system
> for several Linux applications. My research has redirected me to
> FreeIPA, and I am happy to know about such a good project.
> However, I don't have any purpose of managing non-windows computers and
> users. This is a one gateway box, single machine system.
> My planned system has several services. Some examples to use that AA
> system are: xl2tpd, pptpd, openvpn, squid and some custom made web
> I need the following functions for those services and applications:
> - User authentication
> - User roles and authorization (vpnuser, manager, webuser...)
> - User, role and credentials management (creating users by admin,
> password changes by users,...)
> - AD and radius sync or proxying AA.
> The services can be connected to the AA system through an
> authenticator system binary. Binary is called with user credentials
> and service requesting AA; and results in grant or reject. System
> services may use this binary for checking authentication and
> Do you think FreeIPA is a good choice? What would you suggest, otherwise?
From a high level, yes, it seems like a good choice, but the devil is in the details.
IPA does everything you listed but it might do it in a different way
from how you envision it.
You might find that a pure DS server would be more flexible for you. But
it would not be clear until you give it a try.
I suggest you give it a try and make up your mind based on the experience
and quick evaluation.
Looking at your requirements I would bet that IPA would work for you
This authenticator system binary that you mention, is it custom code or
something off the shelf? Is it LDAP based or does it use PAM? Is it something
> Best Regards,
> Oguz YILMAZ
> Freeipa-users mailing list
Sr. Engineering Manager IPA project,
Red Hat Inc.