On 03/27/2012 04:32 AM, Oguz Yilmaz wrote:
> Hello,
> I plan to implement a common authentication and authorization system
> for several Linux applications. My research has redirected me to
> FreeIPA, and I am happy to know about such a good project.
> However, I dont have any purpose of managing non-windows computers and
> users. This is a one gateway box, single machine system.
> My planned system has several services, Some examples to use that AA
> system is: xl2tpd, pptpd, openvpn, squid and some custom made web
> applications.
> I need the following functions for those services and applications:
> - User authentication
> - User roles and authorization (vpnuser, manager, webuser...)
> - User, role and credentials management (creating users by admin,
> passsword changes by users,...)
> - AD and radius sync or proxying AA.
> The services can be connected to the AA system through an
> authenticator system binary. Binary is called with user credentials
> and service requesting AA; and results in grant or reject. System
> services may use this binary  for checking authentication and
> authorization.
> Do you think FreeIPA is a good choice? What would you suggest, otherwise?

>From the high level yes it seems like a good choice but devil is in details.
IPA does everything you listed but it might do it in a different way
from how you envision it.
You might find that a pure DS server would be more flexible for you. But
it would not be clear up until you give it a try.
I suggest you give it a try and make your mind based on the experience
and quick evaluation.
Looking at your requirements I would bet that IPA would work for you
just fine.

This authenticator system binary that you mention is it a custom code or
something off the shelf? Is it ldap based or uses PAM? Is it something
like kinit?

> Best Regards,
> --
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users

Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.

Looking to carve out IT costs?

Freeipa-users mailing list

Reply via email to